authorBill Fenner <fenner@gmail.com>2022-10-11 13:05:55 -0700
committerFrancois-Xavier Le Bail <devel.fx.lebail@orange.fr>2023-05-02 21:13:19 +0200
commitb016347e5bb2d189de7e40ae3ceb9897a53b32d8 (patch)
tree6619846ee0e5ba55592d3192727cde72a3a71e81
parentfc9abd5810adaa5ec755662dc98e472c797c47cb (diff)
downloadtcpdump-b016347e5bb2d189de7e40ae3ceb9897a53b32d8.tar.gz
lwres: Fix an undefined behavior in pointer arithmetic
Check for truncation before doing pointer arithmetic to point to the end of the packet.

print-lwres.c:294:10: runtime error: addition of unsigned offset to 0xf3b032be overflowed to 0x9652d560
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior print-lwres.c:294:10

[Part of the PR #1012]
-rw-r--r--print-lwres.c4
-rw-r--r--tests/TESTLIST1
-rw-r--r--tests/lwres-pointer-arithmetic-ub.out1
-rw-r--r--tests/lwres-pointer-arithmetic-ub.pcapbin0 -> 283 bytes
4 files changed, 5 insertions, 1 deletions
diff --git a/print-lwres.c b/print-lwres.c
index f6ed8f3c..b8f9b49a 100644
--- a/print-lwres.c
+++ b/print-lwres.c
@@ -291,7 +291,9 @@ lwres_print(netdissect_options *ndo,
if (ndo->ndo_vflag || v != LWRES_LWPACKETVERSION_0)
ND_PRINT(" v%u", v);
if (v != LWRES_LWPACKETVERSION_0) {
- s = bp + GET_BE_U_4(np->length);
+ uint32_t pkt_len = GET_BE_U_4(np->length);
+ ND_TCHECK_LEN(bp, pkt_len);
+ s = bp + pkt_len;
goto tail;
}
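Review bot: The new ND_TCHECK_LEN bounds pkt_len only against the captured data and not against the fixed LWRES header already consumed, so a pkt_len smaller than that header makes `s = bp + pkt_len` point back inside the header; whether that matters depends on how the `tail:` path derives a remaining length from s, which is outside the hunk and worth confirming. The check also relies on the `trunc` target that ND_TCHECK_LEN jumps to, likewise outside the hunk; the expected `[|lwres]` in the new test output suggests that path is reached as intended. A short comment would make the ordering durable for the next maintainer, e.g. `/* Validate the length before forming bp + pkt_len: computing a pointer past the buffer is UB even if it is never dereferenced. */` above the ND_TCHECK_LEN line. lwres_print begins and ends outside the hunk.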
diff --git a/tests/TESTLIST b/tests/TESTLIST
index bc23b548..ef0e6f3e 100644
--- a/tests/TESTLIST
+++ b/tests/TESTLIST
@@ -927,3 +927,4 @@ pb_nhrp_1 pb_nhrp_1.pcap pb_nhrp_1.out -v
# Undefined behavior tests
ip-snmp-leftshift-unsigned ip-snmp-leftshift-unsigned.pcap ip-snmp-leftshift-unsigned.out
ip6-snmp-oid-unsigned ip6-snmp-oid-unsigned.pcap ip6-snmp-oid-unsigned.out
+lwres-pointer-arithmetic-ub lwres-pointer-arithmetic-ub.pcap lwres-pointer-arithmetic-ub.out
diff --git a/tests/lwres-pointer-arithmetic-ub.out b/tests/lwres-pointer-arithmetic-ub.out
new file mode 100644
index 00000000..f4953f4b
--- /dev/null
+++ b/tests/lwres-pointer-arithmetic-ub.out
@@ -0,0 +1 @@
+ 1 14:31:29.364332 IP6 fe80:0:10ff:15:1800:1a00:0:100.921 > a00:300:115:1800:1a00:f4:100:a00.0: lwres v41634 [|lwres]
diff --git a/tests/lwres-pointer-arithmetic-ub.pcap b/tests/lwres-pointer-arithmetic-ub.pcap
new file mode 100644
index 00000000..095fcbcb
--- /dev/null
+++ b/tests/lwres-pointer-arithmetic-ub.pcap
Binary files differ