Note that a dissector heuristic test *must not* cause an exception before returning FALSE.

Change-Id: I9f1ab000f7a2c554d1c20abf8ca4e4bab4b5ef27
Reviewed-on: https://code.wireshark.org/review/635
Reviewed-by: Bill Meier <wmeier@newsguy.com>
Tested-by: Bill Meier <wmeier@newsguy.com>

1 files changed, 10 insertions, 0 deletions

diff --git a/doc/README.heuristic b/doc/README.heuristic
index d0d270ee53..544a64d484 100644
--- a/doc/README.heuristic
+++ b/doc/README.heuristic
@@ -91,6 +91,13 @@ Obviously, this is *not* 100% bullet proof, but it's the best WS can offer to
 its users here - and improving the heuristic is always possible if it turns out
 that it's not good enough to distinguish between two given protocols.
 
+Note: The heuristic code in a dissector *must not* cause an exception
+      (before returning FALSE) as this will prevent following
+      heuristic dissector handoffs. In practce, this normally means
+      that a test should be done to verify that the required data is
+      available in the tvb before fetching from the tvb. (See the
+      example below).
+
 
 Heuristic Code Example
 ----------------------
@@ -120,6 +127,9 @@ static gboolean
 dissect_PROTOABBREV_heur(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data)
 {
 ...
+    /* 0) Verify needed bytes available in tvb so tvb_get...() doesn't cause exception.
+    if (tvb_length(tvb) < 5)
+        return FALSE;
 
     /* 1) first byte must be 0x42 */
     if ( tvb_get_guint8(tvb, 0) != 0x42 )