Home page logo

wireshark logo Wireshark mailing list archives

Re: large signed 40-56bit integers
From: Jakub Zawadzki <darkjames-ws () darkjames pl>
Date: Tue, 17 Dec 2013 00:08:23 +0100

On Sat, Dec 14, 2013 at 07:44:02PM -0500, mmann78 () netscape net wrote:

There is a bug in Wireshark when a dissector has an hf_ variable of type FT_INT64 and the requested length of the 
field is < 8 bytes.  There is no accounting for the sign bit (which has led dissectors to come up with their own 
solutions).  The attached patch attempts to address it.  The questions I have is

1. Are these the right places to modify?  I thought about pint.h, but I didn't know how to get the "sign check" in 
2. Is this cross-platform friendly? (I realize it may not be the most optimized solution)
3. Did I go far enough in addressing the "common" uses?  Is FT_INT40, etc necessary?

Any other thoughts?

+tvb_get_letohi56(tvbuff_t *tvb, const gint offset)
+       const guint8 *ptr;
+       guint64 ret;
+       ptr = fast_ensure_contiguous(tvb, offset, 7);
+       ret = pletoh56(ptr);

just: ret = tvb_get_letoh56(tvb, offset); ?

+       if (ret & 0x80) /* account for sign bit */
+               ret |= 0xFF00000000000000;

why 0x80? I think it should be:
        if (ret   & 0x0080000000000000LL) /*  (1LL << 55) */ 
                     ret |= 0xff00000000000000LL  /* -(1LL << 56) */

Thanks for working on it.

Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]