From b40beb9edfc5c09bb2374e2382871a7fc8825858 Mon Sep 17 00:00:00 2001
From: Pascal Quantin <pascal.quantin@gmail.com>
Date: Wed, 5 Sep 2018 13:20:43 +0200
Subject: [PATCH] tvbuff_subset.c: handle a reported_length set to -1 in
 tvb_new_subset_length()

According to tvbuff.h, tvb_new_subset_length() should behave like
tvb_new_subet_caplen(). Let's do so.

Bug: 15112
Change-Id: I3f05ff45246ac0d05e9bc7bd069ec864da1afae6
Reviewed-on: https://code.wireshark.org/review/29426
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
---
 epan/tvbuff_subset.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/epan/tvbuff_subset.c b/epan/tvbuff_subset.c
index 8a33147480..08e3253302 100644
--- a/epan/tvbuff_subset.c
+++ b/epan/tvbuff_subset.c
@@ -164,13 +164,19 @@ tvbuff_t *
 tvb_new_subset_length(tvbuff_t *backing, const gint backing_offset, const gint reported_length)
 {
 	gint	  captured_length;
+	gint	  actual_reported_length;
 	tvbuff_t *tvb;
 	guint	  subset_tvb_offset;
 	guint	  subset_tvb_length;
 
 	DISSECTOR_ASSERT(backing && backing->initialized);
 
-	THROW_ON(reported_length < 0, ReportedBoundsError);
+	THROW_ON(reported_length < -1, ReportedBoundsError);
+
+	if (reported_length == -1)
+		actual_reported_length = backing->reported_length;
+	else
+		actual_reported_length = reported_length;
 
 	/*
 	 * Cut the captured length short, so it doesn't go past the subset's
@@ -178,14 +184,14 @@ tvb_new_subset_length(tvbuff_t *backing, const gint backing_offset, const gint r
 	 */
 	captured_length = tvb_captured_length_remaining(backing, backing_offset);
 	THROW_ON(captured_length < 0, BoundsError);
-	if (captured_length > reported_length)
-		captured_length = reported_length;
+	if (captured_length > actual_reported_length)
+		captured_length = actual_reported_length;
 
 	tvb_check_offset_length(backing, backing_offset, captured_length,
 			        &subset_tvb_offset,
 			        &subset_tvb_length);
 
-	tvb = tvb_new_with_subset(backing, (guint)reported_length,
+	tvb = tvb_new_with_subset(backing, (guint)actual_reported_length,
 	    subset_tvb_offset, subset_tvb_length);
 
 	tvb_add_to_chain(backing, tvb);