On 10/11/2012 1:27 AM, Guy Harris wrote:
Actually, this one:
    for(sid_number = 1; sid_number <= number_of_sids; sid_number++) {
        proto_tree_add_item(parameter_tree, hf_stream_reset_sid, parameter_tvb, sid_offset, SID_LENGTH, ENC_BIG_ENDIAN);
        sid_offset += SID_LENGTH;
    }
could conceivably *not* cause a bounds error, as it looks as if it'd
be executed even if parameter_tree is null, in which case the
proto_tree_add_item() calls will just return without fetching
anything from the tvbuff. (That's why the buildbot bug I fixed with
a similar change only showed up when I ran TShark *without* -V -
*with* -v, proto_tree_add_item() actually fetched data from the
tvbuff and threw a bounds error when it went past the end of the
packet, but without it (and without any display/read filter or color
filter or anything else that required building a protocol tree or
even just fetching protocol field values), nothing was fetched and no
exceptions were thrown.)
Yes; after the commit, and after looking at your patch a bit more
closely, I realized that my comment was probably incorrect....
I've done a search and found other possible cases which I'll review in
more detail tomorrow.
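
The behaviour described in the quoted message, modelled as an added example that is not part of the original thread and is not Wireshark code. The names mock_tvb, mock_tree, mock_add_item, dissect_sids and dissect_sids_checked are hypothetical stand-ins, SID_LENGTH is given an assumed value, and the up-front range check is one possible approach, not the patch under discussion.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SID_LENGTH 2    /* assumed value, for illustration only */
/* Hypothetical stand-ins; these are not Wireshark's types or API. */
struct mock_tvb { const uint8_t *data; size_t len; };
struct mock_tree { unsigned items; };

/* Model of the described behaviour: with no tree the call returns before
 * touching the buffer, so no bounds check ever happens. */
static int mock_add_item(struct mock_tree *tree, const struct mock_tvb *tvb,
                         size_t offset, size_t length) {
    if (tree == NULL)
        return 0;                       /* nothing fetched */
    if (offset > tvb->len || length > tvb->len - offset)
        return -1;                      /* models the bounds error */
    tree->items++;
    return 0;
}

/* The quoted loop, trusting a count that came from the packet.
 * Returns 0 on success, -1 if a bounds error was raised. */
int dissect_sids(struct mock_tree *tree, const struct mock_tvb *tvb,
                 size_t sid_offset, unsigned number_of_sids) {
    for (unsigned sid_number = 1; sid_number <= number_of_sids; sid_number++) {
        if (mock_add_item(tree, tvb, sid_offset, SID_LENGTH) != 0)
            return -1;
        sid_offset += SID_LENGTH;
    }
    return 0;
}

/* Validate the whole range first, so the outcome no longer depends on
 * whether a tree is being built. */
int dissect_sids_checked(struct mock_tree *tree, const struct mock_tvb *tvb,
                         size_t sid_offset, unsigned number_of_sids) {
    if (sid_offset > tvb->len ||
        number_of_sids > (tvb->len - sid_offset) / SID_LENGTH)
        return -1;
    return dissect_sids(tree, tvb, sid_offset, number_of_sids);
}

int main(void) {
    const uint8_t pkt[4] = { 0, 1, 0, 2 };  /* constructed: room for 2 SIDs */
    struct mock_tvb tvb = { pkt, sizeof pkt };
    struct mock_tree tree = { 0 };
    printf("no tree: %d, tree: %d, checked: %d\n", dissect_sids(NULL, &tvb, 0, 5),
           dissect_sids(&tree, &tvb, 0, 5), dissect_sids_checked(NULL, &tvb, 0, 5));
    return 0;
}
```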