Make 0 be a valid packet source timestamp

For fuzzed/damaged/corrupted pcaps, a timestamp of 0 could lead to an infinite loop in Bro as it interprets that as meaning the packet source is not ready yet.
2025-10-02 06:38:20 +00:00 · 2018-06-04 13:52:46 -05:00 · 2018-06-04 13:52:46 -05:00 · 19b893a5bc
commit 19b893a5bc
parent 791b24d232
4 changed files with 9 additions and 5 deletions
--- a/4
+++ b/4
@ -1,4 +1,8 @@

+2.5-642 | 2018-06-04 13:52:46 -0500
+
+  * Make 0 be a valid packet source timestamp (Corelight)
+
 2.5-641 | 2018-06-04 09:18:59 -0700

  * Add Broker::publish_and_relay BIF
--- a/2
+++ b/2
@ -1 +1 @@
-2.5-641
+2.5-642
--- a/src/Serializer.cc
+++ b/src/Serializer.cc
@ -1017,7 +1017,7 @@ double EventPlayer::NextTimestamp(double* local_network_time)
 		return ne_time;

 	if ( ! io )
-		return 0;
+		return -1;

 	// Read next event if we don't have one waiting.
 	if ( ! ne_time )
@ -1028,7 +1028,7 @@ double EventPlayer::NextTimestamp(double* local_network_time)
 		}

 	if ( ! ne_time )
-		return 0;
+		return -1;

 	if ( ! network_time )
 		{
--- a/src/iosource/Manager.cc
+++ b/src/iosource/Manager.cc
@ -81,7 +81,7 @@ IOSource* Manager::FindSoonest(double* ts)
 			all_idle = false;
 			double local_network_time = 0;
 			double ts = (*i)->src->NextTimestamp(&local_network_time);
-			if ( ts > 0 && ts < soonest_ts )
+			if ( ts >= 0 && ts < soonest_ts )
 				{
 				soonest_ts = ts;
 				soonest_src = (*i)->src;
@ -162,7 +162,7 @@ IOSource* Manager::FindSoonest(double* ts)
 				{
 				double local_network_time = 0;
 				double ts = src->src->NextTimestamp(&local_network_time);
-				if ( ts > 0.0 && ts < soonest_ts )
+				if ( ts >= 0.0 && ts < soonest_ts )
 					{
 					soonest_ts = ts;
 					soonest_src = src->src;
 @ -1 +1 @@
 .5-641
 .5-642