Do *NOT* assume that "%l[doxu]x" - or "%ll[doxu]" - is the way to print
a 64-bit quantity; on UN*X, it might be a "long" or a "long long",
depending on whether you're on a 32-bit or 64-bit platform and, on
Windows with MSVC++, it's not a long (even in 64-bit mode) and doesn't
use "%ll[doxu]", either. Instead, use PRI[doxu]64; that's what C99
defines, and what we define ourselves if the C environment doesn't
define it.
In some loops, don't loop just until we get an error, stop when we run
out of data to parse.
Also, add some comments to indicate what we know about lengths at
various points, before we do something with the length that happens to
assume what we know. Add some checks that this auditing found
necessary.
Use ForCES_HDRL, TLV_HDRL, and ILV_HDRL instead of various sizeof's, to
make it clearer what certain tests ensure are true (as, in other cases,
the #defines are subtracted from values that should be, at that point,
ensured not to be less than the #define in question).
Add TCHECK/TCHECK2 calls to make sure we are within the packet boundary
before fetching data. Make some length variables that could in theory
have values that don't fit in 16 bits 32 bits long.
Get rid of blanks before newlines.
Use EXTRACT_16BITS() and EXTRACT_32BITS() to fetch 16-bit and 32-bit
big-endian quantities from the packet, as there's no guarantee that a
given 16-bit quantity will be aligned on a 2-byte boundary or that a
given 32-bit quantity will be aligned on a 4-byte boundary, nor is there
a guarantee that unaligned accesses will succeed (they might trap, or
they might not fetch an unaligned quantity).
