diff options
author | Peter Wu <peter@lekensteyn.nl> | 2019-07-28 17:58:53 +0100 |
---|---|---|
committer | Peter Wu <peter@lekensteyn.nl> | 2019-07-29 20:50:45 +0000 |
commit | 77b6160696cf316434319ba83d49b074152241bd (patch) | |
tree | ae8473f358fa012fc5c97fb9765039fe98dc7954 /epan/proto.c | |
parent | 53ecc16079ee518e3b83df352a389d04543fcac3 (diff) |
proto: fix proto_item_add_bitmask_tree with zero length
packet-frame.c calls proto_item_add_bitmask_tree with a zero length, be
sure not to trigger undefined behavior (right shift by 64). Observed
with the capture from Bug 15247.
Change-Id: I5b5b7f920a37365295603be7b915f51b39d99faf
Fixes: v2.1.0rc0-1776-gb9fb2ceb88 ("Add heuristic dissectors for the variable part of COTP CR and CC PDUs.")
Reviewed-on: https://code.wireshark.org/review/34108
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/proto.c')
-rw-r--r-- | epan/proto.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/epan/proto.c b/epan/proto.c index 7b4d348624..7b03d256a2 100644 --- a/epan/proto.c +++ b/epan/proto.c @@ -11027,8 +11027,7 @@ proto_item_add_bitmask_tree(proto_item *item, tvbuff_t *tvb, const int offset, gboolean use_parent_tree, proto_tree* tree, guint64 value) { - guint bitshift; - guint64 available_bits = 0; + guint64 available_bits = G_MAXUINT64; guint64 tmpval; header_field_info *hf; guint32 integer32; @@ -11036,8 +11035,14 @@ proto_item_add_bitmask_tree(proto_item *item, tvbuff_t *tvb, const int offset, if (len < 0 || len > 8) g_assert_not_reached(); - bitshift = (8 - (guint)len)*8; - available_bits = G_GUINT64_CONSTANT(0xFFFFFFFFFFFFFFFF) >> bitshift; + /** + * packet-frame.c uses len=0 since the value is taken from the packet + * metadata, not the packet bytes. In that case, assume that all bits + * in the provided value are valid. + */ + if (len > 0) { + available_bits >>= (8 - (guint)len)*8; + } if (use_parent_tree == FALSE) tree = proto_item_add_subtree(item, ett); |