https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3230
Summary: negative INTEGER number displayed as positive number in
snmp dissector
Product: Wireshark
Version: SVN
Platform: All
OS/Version: Fedora
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: mshindo@xxxxxxxxxxx
Build Information:
wireshark 1.1.3 (SVN Rev 27290)
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.14.5, with GLib 2.18.3, with libpcap 1.1-PRE-CVS, with
libz
1.2.3, with POSIX capabilities (Linux), without libpcre, without SMI, without
c-ares, without ADNS, without Lua, with GnuTLS 2.4.2, with Gcrypt 1.4.3, with
MIT Kerberos, without GeoIP, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.6.27.12-170.2.5.fc10.i686, with libpcap version 1.1-PRE-CVS,
GnuTLS 2.4.2, Gcrypt 1.4.3.
Built using gcc 4.3.2 20081105 (Red Hat 4.3.2-7).
--
According to X.690, "INTEGER" is defined as a "signed" value of an arbitrary
length.
It looks like epan/dissectors/packet-snmp.c tries to display INTEGER value (up
to 8 octets) using FT_INT64 field type.
3092 { &hf_snmp_integer32_value, { "Value (Integer32)", "snmp.value.int",
FT_INT64, BASE_DEC, NULL, 0, "", HFILL }},
This is no a problem when the given value is a positive number, but the it goes
wrong when the value is negative.
Suppose -1 is represented as signed 32 bit value (i.e. 0xffffffff). Current
dissector will display it as "4294967295", not as "-1" because 0xffffffff is a
positive number when displayed as FT_INT64.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.