Wireshark-dev: [Wireshark-dev] Possibly unsafe padding in Yahoo dissectors?
From: Evan Huus <eapache@xxxxxxxxx>
Date: Mon, 21 May 2012 17:21:40 -0400
The two files packet-ymsg.c and packet-yhoo.c both define structs
called yahoo_rawpacket. Apart from the fact that the two structs are
not the same but have the same name (confusing, but not technically a
problem), both of these structs share a common feature: they are only
ever used exactly once, and that in a sizeof() call, the result of
which is used to check packet sanity. There is never a declared
instance of either, nor are any of their fields ever directly
accessed.

It occurs to me that this isn't necessarily safe - since different
compilers and different architectures can pad structures differently,
this may result in different behaviour across platforms. Both
structures contain only char-type elements, so in principle they
shouldn't ever be padded, but it seems like a risky assumption.
Normally I'd calculate the desired size of the structure by hand and
replace the whole thing with a #define, but the structures do have the
nice property of making the expected packet layout very clear.

So my question is what people feel the best style is in this situation?

1. Replace the structure with a #define of the length, possibly
leaving the struct #if 0'ed out for posterity.

2. Add some compiler hints to never pad the struct, but leave it as is.

3. Use this pattern in other places (possibly with the compiler hints
as per 2), since the self-documentation is a good thing.

Thoughts?

Thanks,
Evan