From: "Anders Broman" <a.broman@xxxxxxxxx>
Date: Sat, 17 Jun 2006 18:18:03 +0200

I'm back with the new bug related to my favourite MEGACO dissector :)

MEGACO dissector fails to decode such a packet:
!/1 <company1.com>:2944

It produces the following output:
    Observed Events Descriptor: OE=1025{20060614T01495601:al/of{init=False}}
     RequestID: 1025
     pkgdName: 20060614T01495601:al/of
      [ Parse error: Invalid offset ]

Parse error irritates me, it should not be here, the packet is valid. So,
the details.

Error occurs in the function which is called
dissect_megaco_observedeventsdescriptor(), line 2047 of packet-megaco.c
because tvb_current_offset is equal to tvb_previous_offset. Let's walk back
in time and try to understand why they are equal.

1. tvb_current_offset - in line 2040 there is an attempt to find the next
   parameter. There is no next parameter, so tvb_current_offset is adjusted
   in line 2044 to tvb_observedevents_end_offset.
2. tvb_previous_offset - in line 2039 it takes its value from
   tvb_current_offset; tvb_current_offset, in turn, is adjusted in line 1957
   and it is equal to tvb_observedevents_end_offset.

So, I concluded that (tvb_current_offset <= tvb_previous_offset) condition
is always true if there is only one parameter in observed event descriptor.

Index: packet-megaco.c
--- packet-megaco.c	(revision 18189)
+++ packet-megaco.c	(working copy)
@@ -2042,7 +2042,7 @@
 			if (tvb_current_offset == -1 || tvb_current_offset >
tvb_observedevents_end_offset ){
 				tvb_current_offset =
-			if (tvb_current_offset <= tvb_previous_offset) {
+			if (tvb_current_offset < tvb_previous_offset) {
proto_tree_add_text(megaco_observedevent_tree, tvb, 0, 0, "[ Parse error:
Invalid offset ]");
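
Review bot: Relaxing the comparison to `tvb_current_offset < tvb_previous_offset` means the error branch no longer fires when the offset has not advanced, so please confirm that whatever loop encloses this check still terminates when both offsets equal tvb_observedevents_end_offset. If the `<=` test was the only forward-progress guard, a crafted descriptor could keep the dissector spinning. A short comment next to the new condition saying that equality is the legitimate single-parameter case would help the next reader. The hunk as posted is also line-wrapped and the context after `tvb_current_offset =` is missing, so it will not apply as is; resending it as an attachment would avoid that.
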
Eugene Tarlovskij