Wireshark-bugs: [Wireshark-bugs] [Bug 3230] New: negative INTEGER number displayed as positive n

Date: Mon, 2 Feb 2009 01:13:36 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3230

           Summary: negative INTEGER number displayed as positive number in
                    snmp dissector
           Product: Wireshark
           Version: SVN
          Platform: All
        OS/Version: Fedora
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mshindo@xxxxxxxxxxx


Build Information:
wireshark 1.1.3 (SVN Rev 27290)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.14.5, with GLib 2.18.3, with libpcap 1.1-PRE-CVS, with
libz
1.2.3, with POSIX capabilities (Linux), without libpcre, without SMI, without
c-ares, without ADNS, without Lua, with GnuTLS 2.4.2, with Gcrypt 1.4.3, with
MIT Kerberos, without GeoIP, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.27.12-170.2.5.fc10.i686, with libpcap version 1.1-PRE-CVS,
GnuTLS 2.4.2, Gcrypt 1.4.3.

Built using gcc 4.3.2 20081105 (Red Hat 4.3.2-7).

--
According to X.690, "INTEGER" is defined as a "signed" value of an arbitrary
length.

It looks like epan/dissectors/packet-snmp.c tries to display INTEGER value (up
to 8 octets) using FT_INT64 field type.

  3092    { &hf_snmp_integer32_value, { "Value (Integer32)", "snmp.value.int",
FT_INT64, BASE_DEC,  NULL, 0, "", HFILL }},

This is no a problem when the given value is a positive number, but the it goes
wrong when the value is negative.

Suppose -1 is represented as signed 32 bit value (i.e. 0xffffffff). Current
dissector will display it as "4294967295", not as "-1" because 0xffffffff is a
positive number when displayed as FT_INT64.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.