NDPE attribute of NAN packet is not dissected
Summary
The Data Path Response of a NAN packet (nan.action.subtype == 0x06) is malformed.
Steps to reproduce
Set up a NAN data path link and it will generate a Data Path Response packet. I am not sure if you can reproduce it.
What is the current bug behavior?
I have checked the source code in version wireshark-3.4.2.
In packet-wifi-nan.c
->dissect_attr_ndpe
guint8 bits_type = tvb_get_bits8(tvb, offset * 8 + 4, 4);
guint8 bit_offset = (offset * 8) + 4;
guint8 bits_status = tvb_get_bits8(tvb, bit_offset, 4);
bit_offset is declared as a guint8, but offset is a guint. bit_offset will overflow once offset is too big.
bits_status will get a wrong value and hf_nan_attr_ndp_responder_ndi cannot be dissected.
What is the expected correct behavior?
The NDPE attribute in the Data Path Response can be dissected.
Sample capture file
Relevant logs and/or screenshots
Build information
Wireshark 3.4.2 (Git commit a889cf1b)
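
The truncation described in this report, reproduced as an added example (not Wireshark's code and not part of the original report). `get_bits4` is a simplified stand-in for `tvb_get_bits8` that only handles nibble-aligned offsets, and the 64-byte frame is constructed so that a read from the wrong byte is visible.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for tvb_get_bits8(): read 4 bits at an MSB-first bit offset
 * (assumption: the offset is nibble-aligned, as offset * 8 + 4 always is). */
static uint8_t get_bits4(const uint8_t *buf, unsigned bit_offset)
{
    return (uint8_t)((buf[bit_offset / 8] >> (4 - bit_offset % 8)) & 0x0F);
}

/* Pattern from the report: the bit offset is stored in 8 bits. */
static uint8_t status_narrow(const uint8_t *buf, unsigned offset)
{
    uint8_t bit_offset = (uint8_t)((offset * 8) + 4); /* wraps modulo 256 */
    return get_bits4(buf, bit_offset);
}

/* Same read with the bit offset kept as wide as the byte offset. */
static uint8_t status_wide(const uint8_t *buf, unsigned offset)
{
    unsigned bit_offset = (offset * 8) + 4;
    return get_bits4(buf, bit_offset);
}

/* Smallest byte offset whose bit offset no longer fits in 8 bits. */
static unsigned first_truncated_offset(void)
{
    unsigned offset = 0;
    while ((offset * 8) + 4 <= UINT8_MAX)
        offset++;
    return offset;
}

/* Constructed frame (len <= 64): low nibble of byte i is i / 4. */
static void fill_frame(uint8_t *buf, unsigned len)
{
    for (unsigned i = 0; i < len; i++)
        buf[i] = (uint8_t)(0xA0 | (i >> 2));
}

int main(void)
{
    uint8_t frame[64];
    fill_frame(frame, sizeof frame);
    for (unsigned off = 30; off < 34; off++)
        printf("offset %u: narrow=%u wide=%u\n", off,
               status_narrow(frame, off), status_wide(frame, off));
    printf("first truncated offset: %u\n", first_truncated_offset());
    return 0;
}
```

Once the attribute starts 32 or more bytes into the frame, the narrow variant reads its nibble from near the start of the buffer instead of from the attribute.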