authorGuy Harris <guy@alum.mit.edu>2004-10-27 10:02:45 +0000
committerGuy Harris <guy@alum.mit.edu>2004-10-27 10:02:45 +0000
commit948d61bae1fd9f0855a49245715c03dc31553431 (patch)
tree1b50e7c6ca9ca2996897b9a86fa7595575181c12 /epan
parentde1852ed3b92695a22e9e28ddd8f89ec622fcafd (diff)
Check to make sure we don't give a protocol tree item a negative length.
Clean up indentation. If we dissect an octet string and then re-dissect it as a particular type of data, don't use the end offset from the re-dissection as the offset of the end of the octet string - just use the result of "dissect_per_octet_string()". svn path=/trunk/; revision=12406
Diffstat (limited to 'epan')
-rw-r--r--epan/dissectors/packet-h450.c22
-rw-r--r--epan/proto.c13
2 files changed, 20 insertions, 15 deletions
diff --git a/epan/dissectors/packet-h450.c b/epan/dissectors/packet-h450.c
index 5c54b9ea48..edab6fd4bc 100644
--- a/epan/dissectors/packet-h450.c
+++ b/epan/dissectors/packet-h450.c
@@ -688,7 +688,7 @@ dissect_h4502_CTCompleteArg(tvbuff_t *tvb, int offset, packet_info *pinfo, proto
static int
dissect_h4502_connectedInfo(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree)
{
- offset=dissect_per_BMPString(tvb, offset, pinfo, tree, hf_h4502_connectedInfo, 1, 128);
+ offset=dissect_per_BMPString(tvb, offset, pinfo, tree, hf_h4502_connectedInfo, 1, 128);
return offset;
}
@@ -727,31 +727,31 @@ dissect_h4501_argument(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree
switch (localOpcode) {
case CallTransferIdentify:
case CallTransferAbandon:
- offset = dissect_h4502_DummyArg(argument_tvb, 0, pinfo, tree);
+ dissect_h4502_DummyArg(argument_tvb, 0, pinfo, tree);
break;
case CallTransferInitiate:
- offset = dissect_h4502_CTInitiateArg(argument_tvb, 0, pinfo, tree);
+ dissect_h4502_CTInitiateArg(argument_tvb, 0, pinfo, tree);
break;
case CallTransferSetup:
- offset = dissect_h4502_CTSetupArg(argument_tvb, 0, pinfo, tree);
+ dissect_h4502_CTSetupArg(argument_tvb, 0, pinfo, tree);
break;
case CallTransferUpdate:
- offset = dissect_h4502_CTUpdateArg(argument_tvb, 0, pinfo, tree);
+ dissect_h4502_CTUpdateArg(argument_tvb, 0, pinfo, tree);
break;
case SubaddressTransfer:
- offset = dissect_h4502_SubaddressTransferArg(argument_tvb, 0, pinfo, tree);
+ dissect_h4502_SubaddressTransferArg(argument_tvb, 0, pinfo, tree);
break;
case CallTransferComplete:
- offset = dissect_h4502_CTCompleteArg(argument_tvb, 0, pinfo, tree);
+ dissect_h4502_CTCompleteArg(argument_tvb, 0, pinfo, tree);
break;
case CallTransferActive:
- offset = dissect_h4502_CTActiveArg(argument_tvb, 0, pinfo, tree);
+ dissect_h4502_CTActiveArg(argument_tvb, 0, pinfo, tree);
break;
/* TODO - decode other H.450.x invoke arguments here */
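Review bot: The calls in this switch now discard their return values with nothing in the code saying why, so a later cleanup could restore `offset = ...` and bring back the mismatch the commit message describes. Each sub-dissector is invoked on `argument_tvb` starting at 0, so whatever it returns is presumably a position within that buffer rather than within `tvb`. A comment above the `switch` would record this, for example `/* Return values are positions in argument_tvb, not tvb; do not assign them to offset. */`. The same comment is warranted for the `result_tvb` calls in the `dissect_h4501_ReturnResult_result` hunk. The function body starts and ends outside this hunk.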
@@ -761,7 +761,7 @@ PER_NOT_DECODED_YET("Unrecognized H.450.x operation");
break;
}
}
- return offset;
+ return offset;
}
@@ -831,12 +831,12 @@ dissect_h4501_ReturnResult_result(tvbuff_t *tvb, int offset, packet_info *pinfo,
switch (localOpcode) {
case CallTransferIdentify:
- offset = dissect_h4502_CTIdentifyRes(result_tvb, 0, pinfo, tree);
+ dissect_h4502_CTIdentifyRes(result_tvb, 0, pinfo, tree);
break;
case CallTransferInitiate:
case CallTransferSetup:
- offset = dissect_h4502_DummyRes(result_tvb, 0, pinfo, tree);
+ dissect_h4502_DummyRes(result_tvb, 0, pinfo, tree);
break;
default:
diff --git a/epan/proto.c b/epan/proto.c
index af7c14537e..25c708eba9 100644
--- a/epan/proto.c
+++ b/epan/proto.c
@@ -1315,6 +1315,7 @@ proto_tree_add_string(proto_tree *tree, int hfindex, tvbuff_t *tvb, gint start,
g_assert(hfinfo->type == FT_STRING || hfinfo->type == FT_STRINGZ);
pi = proto_tree_add_pi(tree, hfindex, tvb, start, &length, &new_fi);
+ g_assert(length >= 0);
proto_tree_set_string(new_fi, value, FALSE);
return pi;
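Review bot: `g_assert(length >= 0)` is not a dependable guard for a value that may be derived from packet contents, because it aborts the whole process on failure and compiles away entirely when GLib's `G_DISABLE_ASSERT` is defined. One build therefore lets a single malformed packet end the session, and the other lets the negative length through unchecked. The check also runs after `proto_tree_add_pi()` has already been given `&length`, so the item may already exist by then, and the `alloc_field_info` hunks suggest that path asserts too, which would make this one redundant. At minimum, add a comment such as `/* negative length here means a dissector bug or malformed input; g_assert aborts and is a no-op under G_DISABLE_ASSERT */`, and consider a check that fails only the current packet. The same concern applies to the asserts added in the `alloc_field_info`, `proto_item_set_len` and `proto_item_set_end` hunks. The function body starts outside this hunk.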
@@ -2047,12 +2048,14 @@ alloc_field_info(proto_tree *tree, int hfindex, tvbuff_t *tvb, gint start,
*/
tvb_ensure_bytes_exist(tvb, start, 0);
}
+ g_assert(*length >= 0);
break;
case FT_NONE:
case FT_BYTES:
case FT_STRING:
*length = tvb_ensure_length_remaining(tvb, start);
+ g_assert(*length >= 0);
break;
case FT_STRINGZ:
@@ -2065,7 +2068,8 @@ alloc_field_info(proto_tree *tree, int hfindex, tvbuff_t *tvb, gint start,
default:
g_assert_not_reached();
}
- }
+ } else
+ g_assert(*length >= 0);
FIELD_INFO_NEW(fi);
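Review bot: The new `} else` followed by an unbraced `g_assert(*length >= 0);` pairs a braced `if` body with a bare macro statement, which is easy to misread and fragile if a second statement is later added under it. Writing it as `} else {` / `g_assert(*length >= 0);` / `}` keeps both arms in the same form. The `if` that this `else` belongs to opens outside the hunk, so which length values reach this arm cannot be confirmed from here. A one-line comment naming them would help, for example `/* caller supplied an explicit length */`, if that is in fact the case.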
@@ -2075,9 +2079,8 @@ alloc_field_info(proto_tree *tree, int hfindex, tvbuff_t *tvb, gint start,
fi->length = *length;
fi->tree_type = -1;
fi->flags = 0;
- if(!PTREE_DATA(tree)->visible) {
- FI_SET_FLAG(fi, FI_HIDDEN);
- }
+ if (!PTREE_DATA(tree)->visible)
+ FI_SET_FLAG(fi, FI_HIDDEN);
fvalue_init(&fi->value, fi->hfinfo->type);
fi->rep = NULL;
@@ -2171,6 +2174,7 @@ proto_item_set_len(proto_item *pi, gint length)
if (pi == NULL)
return;
fi = PITEM_FINFO(pi);
+ g_assert(length >= 0);
fi->length = length;
}
@@ -2190,6 +2194,7 @@ proto_item_set_end(proto_item *pi, tvbuff_t *tvb, gint end)
return;
fi = PITEM_FINFO(pi);
end += TVB_RAW_OFFSET(tvb);
+ g_assert(end >= fi->start);
fi->length = end - fi->start;
}