LMP: Fix a loop for undefined behavior at runtime
authorFrancois-Xavier Le Bail <[email protected]>
Wed, 20 Mar 2019 20:18:20 +0000 (21:18 +0100)
committerFrancois-Xavier Le Bail <[email protected]>
Wed, 20 Mar 2019 20:29:00 +0000 (21:29 +0100)
The error was:
print-lmp.c:1132:13: runtime error: unsigned integer overflow: 249 - 516
cannot be represented in type 'unsigned int'

Update the output of a test accordingly.

print-lmp.c
tests/lmpv1_busyloop.out

index ef8a17071df5c9ea209cb52ad7ef866cf021b4a0..4999e786cb0313fbc7299c9586b5fb1b3ba8cd29 100644 (file)
@@ -1128,6 +1128,11 @@ lmp_print(netdissect_options *ndo,
             print_unknown_data(ndo,tptr+sizeof(struct lmp_object_header),"\n\t    ",
                                lmp_obj_len-sizeof(struct lmp_object_header));
 
+        if (tlen < lmp_obj_len) {
+            ND_PRINT(" [remaining objects length %u < %u]", tlen, lmp_obj_len);
+            nd_print_invalid(ndo);
+            break;
+        }
         tptr+=lmp_obj_len;
         tlen-=lmp_obj_len;
     }
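Review bot: The new guard `if (tlen < lmp_obj_len)` sits at the end of the loop body, after the object has already been dissected — at least on the path visible at the top of the hunk, where print_unknown_data() is handed `lmp_obj_len-sizeof(struct lmp_object_header)` — so an object whose declared length exceeds the remaining bytes is printed in full before it is reported invalid; the check closes the counter underflow the sanitizer reported but does not stop the oversized object from being consumed. If tlen is meant to bound each object, the same comparison belongs where lmp_obj_len is read, before the per-class dissection, and this end-of-loop check could then be dropped or kept as a belt-and-braces assertion. The loop header and the point where lmp_obj_len is read lie outside the hunk, as does the rest of lmp_print, so I cannot confirm here whether an earlier check already exists. The `%u` conversions assume both tlen and lmp_obj_len are unsigned int; the message quoted in the description confirms tlen, but lmp_obj_len's type is not visible in this hunk.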
index 7a09e5dd32b75aa3e73a71d420b41a264d041915..a6181b77409750497f8c794f660c94fe5e6aa283 100644 (file)
@@ -37,5 +37,4 @@
            0x01c0:  0002 0002 0000 0200 0200 0002 0002 0000
            0x01d0:  0200 0200 0002 0002 0000 0200 0200 0002
            0x01e0:  0002 0000 0200 0200 0002 0002 0000 0200
-           0x01f0:  0200 0002 0002 0000 0200 0200 0002 0002
-         Unknown Object (0), Class-Type: Unknown (0) Flags: [non-negotiable], length: 512 [|lmp]
+           0x01f0:  0200 0002 0002 0000 0200 0200 0002 0002 [remaining objects length 249 < 516] (invalid)