Home page logo
/

wireshark logo Wireshark mailing list archives

Report a bug in Wireshark
From: 都 黎 <jonathan.lidu () hotmail com>
Date: Wed, 3 Apr 2013 11:21:26 +0800

Hi, Wireshark team,
Recently when I supported parsing new message by wireshark, I found bit-alignment by API 
proto_tree_add_int_bits_format_value is always reversal. After deeper investigation to code, I think there's bug in 
below code:
static guint64_tvb_get_bits64(tvbuff_t *tvb, guint bit_offset, const gint total_no_of_bits){        ....        
if(required_bits_in_first_octet > total_no_of_bits)     {               /* the required bits don't extend to the end of 
the first octet */              guint8 right_shift = required_bits_in_first_octet - total_no_of_bits;           value = 
(tvb_get_guint8(tvb, octet_offset) >> right_shift) & bit_mask8[total_no_of_bits % 8];   }
Here right_shift looks wrong to me, here it's always (7 - bit_offset % 8), but I think what's correct way is directly 
shift ( bit_offset % 8 ).
Another questionable place is code below:
static guint64_tvb_get_bits64(tvbuff_t *tvb, guint bit_offset, const gint total_no_of_bits){    ...     else    {       
        guint8 remaining_bit_length = total_no_of_bits;
                /* get the bits up to the first octet boundary */               value = 0;              
required_bits_in_first_octet %= 8;              if(required_bits_in_first_octet != 0)           {                       
value = tvb_get_guint8(tvb, octet_offset) & bit_mask8[required_bits_in_first_octet];                    
remaining_bit_length -= required_bits_in_first_octet;                   octet_offset ++;                }
Here looks bit_offset is missed when getting value, I think the correct way is -
value = (tvb_get_guint8(tvb, octet_offset) >> bit_offset % 8) & bit_mask8[required_bits_in_first_octet]

Regards,Li Du                                     
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
  • Report a bug in Wireshark 都 黎 (Apr 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault