
Wireshark-bugs: [Wireshark-bugs] [Bug 4334] VNC Hextile encoding is incomplete

Date: Mon, 28 Dec 2009 16:50:40 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4334

--- Comment #1 from Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx> 2009-12-28 17:50:38 MST ---
This is one of the problems I ran into developing the VNC dissector originally.
Because the length of the current message isn't known at the beginning, but
instead it is extended by fields in the middle of the packet (sometimes
multiple times), I wrote the VNC_BYTES_NEEDED macro:

#define VNC_BYTES_NEEDED(a)                    \
    if(a > (guint)tvb_length_remaining(tvb, *offset))    \
        return a;

So if more bytes are needed to finish the current dissection process than are
available in the tvb, then more are requested.  The return from the macro is a
return from each function such as vnc_hextile_encoding() and is checked by the
calling function (in this case, vnc_server_framebuffer_update).  That is then
checked by the calling function (vnc_server_to_client).  The manual method of
requesting more bytes via desegmentation is used at the end of that function:

    if(bytes_needed > 0 && vnc_preference_desegment &&
       pinfo->can_desegment) {
        length_remaining = tvb_length_remaining(tvb, *offset);

        pinfo->desegment_offset = start_offset;
        pinfo->desegment_len = bytes_needed - length_remaining;
        return;
    }

... as you can see, this is messy and doesn't even work in all cases.

Ideally, Wireshark would be able to crawl through the message and keep adding
up the total number of bytes that need desegmentation and then go back and do
the actual dissection.  Because more bytes are specified throughout the
message, some dissection work is needed even on the first pass.  I think this
could be accomplished without changes to Wireshark itself though, so it is
worth investigating further.  It would be best to somehow use the same
functions that do the actual dissection to do the first pass dissection to
prevent duplicating code and introducing problems if only one of the two is
ever changed.

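The two-pass idea from the comment above, as an added example (not Wireshark's VNC dissector code and not part of the original comment): one walk function serves both the measuring pass and the dissecting pass over a hextile rectangle, with a bounds check before every read. hextile_walk, hextile_dissect and NEED are hypothetical names, the buffer-plus-offset interface stands in for a tvb, and the subencoding layout follows the RFB protocol's hextile definition.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hextile subencoding mask bits, as defined by the RFB protocol. */
enum { HT_RAW = 1, HT_BG = 2, HT_FG = 4, HT_SUBRECTS = 8, HT_COLOURED = 16 };
/* Bounds check before every read: return the shortfall if n bytes are missing. */
#define NEED(n) do { if ((size_t)(n) > len - *off) \
    return (size_t)(n) - (len - *off); } while (0)

/* Walk one w x h hextile rectangle (bpp bytes per pixel) starting at *off.
 * Returns 0 and advances *off when complete, else the minimum number of
 * further bytes needed. emit == 0 measures only; emit != 0 also reports tiles. */
static size_t hextile_walk(const uint8_t *buf, size_t len, size_t *off,
                           unsigned w, unsigned h, unsigned bpp, int emit)
{
    for (unsigned y = 0; y < h; y += 16) {
        for (unsigned x = 0; x < w; x += 16) {
            size_t tw = (w - x < 16) ? w - x : 16;
            size_t th = (h - y < 16) ? h - y : 16;
            NEED(1);
            unsigned mask = buf[(*off)++];
            if (emit) printf("tile %u,%u mask 0x%02x\n", x, y, mask);
            if (mask & HT_RAW) {              /* raw pixels for the whole tile */
                NEED(tw * th * bpp);
                *off += tw * th * bpp;
                continue;
            }
            if (mask & HT_BG) { NEED(bpp); *off += bpp; }
            if (mask & HT_FG) { NEED(bpp); *off += bpp; }
            if (mask & HT_SUBRECTS) {         /* count byte extends the length */
                NEED(1);
                size_t n = buf[(*off)++];
                size_t each = 2 + ((mask & HT_COLOURED) ? bpp : 0);
                NEED(n * each);
                *off += n * each;
            }
        }
    }
    return 0;
}

/* Measure on a scratch offset first; dissect only a complete rectangle. */
static size_t hextile_dissect(const uint8_t *buf, size_t len, size_t *off,
                              unsigned w, unsigned h, unsigned bpp)
{
    size_t probe = *off;
    size_t more = hextile_walk(buf, len, &probe, w, h, bpp, 0);
    return more ? more : hextile_walk(buf, len, off, w, h, bpp, 1);
}
```

A non-zero return is only a lower bound: a later mask or subrectangle count byte can extend the message again, so the caller repeats the measuring pass after each reassembly until it returns 0.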