proto: fix proto_item_add_bitmask_tree with zero length

packet-frame.c calls proto_item_add_bitmask_tree with a zero length, be
sure not to trigger undefined behavior (right shift by 64). Observed
with the capture from Bug 15247.

Change-Id: I5b5b7f920a37365295603be7b915f51b39d99faf
Fixes: v2.1.0rc0-1776-gb9fb2ceb88 ("Add heuristic dissectors for the variable part of COTP CR and CC PDUs.")
Reviewed-on: https://code.wireshark.org/review/34108
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>

1 files changed, 9 insertions, 4 deletions

diff --git a/epan/proto.c b/epan/proto.c
index 7b4d348624..7b03d256a2 100644
--- a/epan/proto.c
+++ b/epan/proto.c
@@ -11027,8 +11027,7 @@ proto_item_add_bitmask_tree(proto_item *item, tvbuff_t *tvb, const int offset,
 			    gboolean use_parent_tree,
 			    proto_tree* tree, guint64 value)
 {
-	guint              bitshift;
-	guint64            available_bits = 0;
+	guint64            available_bits = G_MAXUINT64;
 	guint64            tmpval;
 	header_field_info *hf;
 	guint32            integer32;
@@ -11036,8 +11035,14 @@ proto_item_add_bitmask_tree(proto_item *item, tvbuff_t *tvb, const int offset,
 
 	if (len < 0 || len > 8)
 		g_assert_not_reached();
-	bitshift = (8 - (guint)len)*8;
-	available_bits = G_GUINT64_CONSTANT(0xFFFFFFFFFFFFFFFF) >> bitshift;
+	/**
+	 * packet-frame.c uses len=0 since the value is taken from the packet
+	 * metadata, not the packet bytes. In that case, assume that all bits
+	 * in the provided value are valid.
+	 */
+	if (len > 0) {
+		available_bits >>= (8 - (guint)len)*8;
+	}
 
 	if (use_parent_tree == FALSE)
 		tree = proto_item_add_subtree(item, ett);