(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcerpc-spoolss.c) |
| |
| 948 | | | static int SpoolssSetPrinterDataEx_q(tvbuff_t *tvb, int offset, |
| 949 | | | packet_info *pinfo, proto_tree *tree, |
| 950 | | | guint8 *drep _U_) |
| 951 | | | { |
| 952 | | | char *key_name, *value_name; |
| 953 | | | guint32 max_len; |
| 954 | | | proto_item *hidden_item; |
| 955 | | | |
| 956 | | | hidden_item = proto_tree_add_uint( |
| 957 | | | tree, hf_printerdata, tvb, offset, 0, 1); |
| 958 | | | PROTO_ITEM_SET_HIDDEN(hidden_item);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
319 | #define PROTO_ITEM_SET_HIDDEN(proto_item) \ |
320 | ((proto_item) ? FI_SET_FLAG((proto_item)->finfo, FI_HIDDEN) : 0) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
246 | #define FI_SET_FLAG(fi, flag) (fi->flags = fi->flags | flag) |
| |
|
Event 1:
hidden_item evaluates to true.
hide
|
|
| 959 | | | |
| 960 | | | |
| 961 | | | |
| 962 | | | offset = dissect_nt_policy_hnd( |
| 963 | | | tvb, offset, pinfo, tree, drep, hf_hnd, NULL, NULL, |
| 964 | | | FALSE, FALSE); |
| 965 | | | |
| 966 | | | offset = dissect_ndr_cvstring( |
| 967 | | | tvb, offset, pinfo, tree, drep, sizeof(guint16), |
| 968 | | | hf_printerdata_key, TRUE, &key_name); |
Event 2:
!0 evaluates to true.
hide
|
|
| 969 | | | |
| 970 | | | CLEANUP_PUSH(g_free, key_name);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
124 | #define except_cleanup_push(F, C) \ |
125 | { \ |
126 | struct except_stacknode except_sn; \ |
127 | struct except_cleanup except_cl; \ |
128 | except_setup_clean(&except_sn, &except_cl, F, C) |
| |
|
| 971 | | | |
| 972 | | | offset = dissect_ndr_cvstring( |
| 973 | | | tvb, offset, pinfo, tree, drep, sizeof(guint16), |
| 974 | | | hf_printerdata_value, TRUE, &value_name); |
Event 3:
!0 evaluates to true.
hide
|
|
| 975 | | | |
| 976 | [+] | | if (check_col(pinfo->cinfo, COL_INFO)) |
 |
| 977 | | | col_append_fstr(pinfo->cinfo, COL_INFO, ", %s/%s", |
| 978 | | | key_name, value_name); |
| 979 | | | |
| 980 | | | CLEANUP_CALL_AND_POP;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
130 | #define except_cleanup_pop(E) \ |
131 | except_pop(); \ |
132 | if (E) \ |
133 | except_cl.except_func(except_cl.except_context); \ |
134 | } |
| |
|
Event 6:
Taking true branch. 1 evaluates to true.
hide
|
|
| 981 | | | g_free(value_name); |
| 982 | | | |
| 983 | | | offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, |
| 984 | | | hf_printerdata_type, NULL); |
| 985 | | | |
| 986 | | | offset = dissect_ndr_uint32( |
| 987 | | | tvb, offset, pinfo, tree, drep, |
| 988 | [+] | | hf_setprinterdataex_max_len, &max_len); |
Event 8:
dissect_ndr_uint32() does not initialize max_len. - This may be because of a failure case or other special case for dissect_ndr_uint32().
hide
|
|
 |
| 989 | | | |
| 990 | | | offset = dissect_ndr_uint8s( |
| 991 | | | tvb, offset, pinfo, tree, drep, |
| 992 | | | hf_setprinterdataex_data, max_len, NULL); |
Uninitialized Variable
max_len was not initialized. The issue can occur if the highlighted code executes. See related event 8. Show: All events | Only primary events |
|
| |