Wireshark-dev: [Wireshark-dev] Why isn't this a bug?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 08 Jul 2011 23:43:19 +0200
Hi list,

From the packet-giop.c source code:

static gboolean try_heuristic_giop_dissector(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint32 *offset,
                MessageHeader *header, gchar *operation  ) {
...

  {
    guint32 message_size;
    gboolean stream_is_big_endian = is_big_endian (header);

    if (stream_is_big_endian)
      message_size = pntohl (&header->message_size);
    else
      message_size = pletohl (&header->message_size);

    if (*offset > header->message_size)
      return FALSE;
  }

While everywhere else 'message_size' is used, instead of header->message_size.
Why isn't this a bug?

Thanks,
Jaap
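
The difference the question points at, shown as an added example that is not part of the original message or of Wireshark's source. `demo_header`, `read_be32`, `read_le32`, `make_header`, `accept_raw` and `accept_converted` are hypothetical stand-ins (the first three for MessageHeader, pntohl and pletohl). It assumes the header field holds the four size bytes as they arrived on the wire, which the byte-order conversion in the quoted code implies.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for MessageHeader: only the field in question,
 * assumed to hold the four size bytes exactly as they arrived on the wire. */
typedef struct { uint32_t message_size; } demo_header;

/* Stand-ins for pntohl / pletohl: read 32 bits from memory in a fixed byte order. */
static uint32_t read_be32(const void *p) {
    const uint8_t *b = p;
    return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3];
}
static uint32_t read_le32(const void *p) {
    const uint8_t *b = p;
    return ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) | ((uint32_t)b[1] << 8) | b[0];
}

static int host_is_big_endian(void) {
    return *(const uint8_t *)&(const uint16_t){1} == 0;
}

/* Constructed sample input: store `size` in the header in the stream's byte order. */
static demo_header make_header(uint32_t size, int big_endian) {
    demo_header h;
    uint8_t b[4];
    for (int i = 0; i < 4; i++)
        b[big_endian ? 3 - i : i] = (uint8_t)(size >> (8 * i));
    memcpy(&h.message_size, b, sizeof b);
    return h;
}

/* Check against the raw field, as in the quoted snippet. Returns 1 if offset is accepted. */
static int accept_raw(const demo_header *h, uint32_t offset) {
    return !(offset > h->message_size);
}

/* Same check against the value converted to host byte order. */
static int accept_converted(const demo_header *h, int big_endian, uint32_t offset) {
    uint32_t size = big_endian ? read_be32(&h->message_size) : read_le32(&h->message_size);
    return !(offset > size);
}

int main(void) {
    int be = !host_is_big_endian();        /* stream order opposite to the host */
    demo_header h = make_header(32, be);   /* declared message size: 32 bytes */
    printf("converted: %d, raw: %d\n", accept_converted(&h, be, 100), accept_raw(&h, 100));
    return 0;
}
```

When the stream's byte order differs from the host's, the raw field reads as 0x20000000 instead of 32, so the raw comparison accepts an offset of 100 that the converted comparison rejects.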