What do you think of this patch.
I was trying to use ND_TTEST2() in a place where l was seemingly to become
negative, and I felt that we should check for that situation.
In the situation at hand, that actually wasn't the problem, but I still think
that perhaps this is a good thing.
--- a/netdissect.h
+++ b/netdissect.h
@@ -271,8 +271,9 @@ struct netdissect_options {
* http://www.kb.cert.org/vuls/id/162289
*/
#define ND_TTEST2(var, l) \
+ ((l) >= 0 && \
((uintptr_t)ndo->ndo_snapend - (l) <=
(uintptr_t)ndo->ndo_snapend && \
- (uintptr_t)&(var) <= (uintptr_t)ndo->ndo_snapend - (l))
+ (uintptr_t)&(var) <= (uintptr_t)ndo->ndo_snapend - (l)))
/* True if "var" was captured */
#define ND_TTEST(var) ND_TTEST2(var, sizeof(var))
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
