Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] h.261 header parsing bug

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Wed, 11 Apr 2012 23:31:58 +0200
Hi,

Can you test this instead?

                /* MBAP 2nd octet, 4 bits, 3rd octet 1 bit */
                proto_tree_add_uint( h261_tree, hf_h261_mbap, tvb, offset, 1,
                    ( tvb_get_ntohs( tvb, offset ) & 0x0F80 ) >> 7 );

If this works please file a bug report in Bugzilla.

Thanks,
Jaap


On 02/28/2012 01:10 PM, Marat R. Gilmutdinov wrote:

Hello,

Looks like a bug in MBAP field parsing in H.261 header (packet-h261.c):

/* MBAP 2nd octet, 4 bits, 3rd octet 1 bit */

proto_tree_add_uint( h261_tree, hf_h261_mbap, tvb, offset, 1,

( tvb_get_guint8( tvb, offset ) & 15 )

+ ( tvb_get_guint8( tvb, offset + 1 ) >> 7 ) );

offset++;

( tvb_get_guint8( tvb, offset ) & 15 ) should be multiplied by 2 (left shift by
1) before adding ( tvb_get_guint8( tvb, offset + 1 ) >> 7 ) ).

Marat
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube