https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6175
Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #7 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2011-08-10 17:49:58 PDT ---
(In reply to comment #6)
> I'm confused. Are you saying that a negative return value from
> tvb_reported_length_remaining() (or the Lua wrapper) is dangerous? How so?
The function is somewhat dangerous, not inherently, but because people may
expect the return result to always be positive. An example is what I quoted:
> epan/dissectors/packet-cdp.c: while (tvb_reported_length_remaining(tvb,
> offset) != 0) {
Here the developer appears to have assumed that any non-zero return means
"there's more data in the TVB (after the offset)". But if offset has passed
beyond the end of the TVB then the while loop could last a long time--though I
guess usually contents of the loop would access the TVB and throw an exception.
OK, maybe it wasn't quite the problem I thought it was.
Checked in rev 38464.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
