authorPascal Quantin <pascal.quantin@gmail.com>2013-12-11 12:54:10 +0000
committerPascal Quantin <pascal.quantin@gmail.com>2013-12-11 12:54:10 +0000
commit3b59a3b6925f62ae6a644ecca3a6e43e2ce44abe (patch)
treeb4c53aa621874309b4bd95f4789e8e3adc13ab84 /epan/dissectors/packet-gsm_cbch.c
parentc25611b9e763b9281852bb4aaca806bf77a56a2d (diff)
Fix an out of bounds access found by ASAN and reported by Alexis:
==21553==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fffbc0b2a5e at pc 0x7fe8684147a3 bp 0x7fffbc0b2950 sp 0x7fffbc0b2948 READ of size 2 at 0x7fffbc0b2a5e thread T0 #0 0x7fe8684147a2 in dissect_schedule_message /home/alagoutte/wireshark-clang/epan/dissectors/packet-gsm_cbch.c:309 #1 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512 #2 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139 #3 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512 #4 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030 #5 0x7fe868a3ebd4 in decode_udp_ports /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:411 #6 0x7fe868a41886 in dissect /home/alagoutte/wireshark-clang/epan/dissectors/packet-udp.c:747 #7 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512 #8 0x7fe867ed6d03 in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030 #9 0x7fe8684eaa1f in dissect_ip /home/alagoutte/wireshark-clang/epan/dissectors/packet-ip.c:2401 #10 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512 #11 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030 #12 0x7fe868333e98 in dissect_ethertype /home/alagoutte/wireshark-clang/epan/dissectors/packet-ethertype.c:305 #13 0x7fe867ed707d in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:508 #14 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139 #15 0x7fe8683328ad in dissect_eth_common /home/alagoutte/wireshark-clang/epan/dissectors/packet-eth.c:472 #16 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512 #17 0x7fe867ed735b in dissector_try_uint_new /home/alagoutte/wireshark-clang/epan/packet.c:1030 #18 
0x7fe868382460 in dissect_frame /home/alagoutte/wireshark-clang/epan/dissectors/packet-frame.c:485 #19 0x7fe867ed70a9 in call_dissector_through_handle /home/alagoutte/wireshark-clang/epan/packet.c:512 #20 0x7fe867eda42c in call_dissector_only /home/alagoutte/wireshark-clang/epan/packet.c:2139 #21 0x7fe867ed5baf in call_dissector /home/alagoutte/wireshark-clang/epan/packet.c:2169 #22 0x7fe867eb6388 in epan_dissect_run_with_taps /home/alagoutte/wireshark-clang/epan/epan.c:329 #23 0x4a0ef9 in process_packet /home/alagoutte/wireshark-clang/tshark.c:3434 #24 0x49c985 in load_cap_file /home/alagoutte/wireshark-clang/tshark.c:3237 #25 0x7fe860e8ede4 in __libc_start_main /build/buildd/eglibc-2.17/csu/libc-start.c:260 #26 0x48586c in _start ??:? Address 0x7fffbc0b2a5e is located in stack of thread T0 at offset 126 in frame #0 0x7fe86841353f in dissect_cbch /home/alagoutte/wireshark-clang/epan/dissectors/packet-gsm_cbch.c:345 This frame has 2 object(s): [32, 80) 'new_slots.i' [128, 224) 'other_slots.i' <== Memory access at offset 126 underflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ?? svn path=/trunk/; revision=53934
Diffstat (limited to 'epan/dissectors/packet-gsm_cbch.c')
-rw-r--r--epan/dissectors/packet-gsm_cbch.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/epan/dissectors/packet-gsm_cbch.c b/epan/dissectors/packet-gsm_cbch.c
index 8117ffb284..a93a2affaa 100644
--- a/epan/dissectors/packet-gsm_cbch.c
+++ b/epan/dissectors/packet-gsm_cbch.c
@@ -301,7 +301,7 @@ dissect_schedule_message(tvbuff_t *tvb, packet_info *pinfo, proto_tree *top_tree
++k;
}
}
- else if ((octet1 & 0xC0) == 0)
+ else if (octet1 && ((octet1 & 0xC0) == 0))
{
/* MDT 00 */
if (octet1 < k)
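Review bot: A zero `octet1` no longer enters the MDT 00 branch and instead falls through to whichever branch follows, which begins outside this hunk; it is worth confirming that branch reports the value as invalid rather than decoding it as a different message description type. The ASAN report in the commit message places the 2-byte read just below `other_slots` at line 309, which is also past the end of the hunk and presumably inside the `if (octet1 < k)` body, so the link between the new guard and the index it protects is not visible at the condition. A short comment on the new line would record it, for example `/* octet1 == 0 would index one element before other_slots below */`. Because `octet1` comes straight from the packet, the same review should check that the upper side of `octet1 < k` is bounded by the array size, since the declaration and the limit on `k` are not shown here.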