(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcerpc-mapi.c) |
| |
| 4041 | | | mapi_dissect_element_EcDoRpc_request_(tvbuff_t *tvb _U_, int offset _U_, packet_info *pinfo _U_, proto_tree *tree _U_, guint8 *drep _U_) |
| 4042 | | | { |
| 4043 | | | guint32 size; |
| 4044 | | | int start_offset = offset; |
| 4045 | | | guint8 *decrypted_data; |
| 4046 | | | tvbuff_t *decrypted_tvb; |
| 4047 | | | const guint8 *ptr; |
| 4048 | | | gint reported_len; |
| 4049 | | | guint16 pdu_len; |
| 4050 | | | guint32 i; |
| 4051 | | | proto_item *it = NULL; |
| 4052 | | | proto_tree *tr = NULL; |
| 4053 | | | offset = dissect_ndr_uint32(tvb, offset, pinfo, tree, drep, hf_mapi_EcDoRpc_mapi_request, &size); |
| 4054 | | | proto_tree_add_text(tree, tvb, start_offset, offset - start_offset + size, "Subcontext size: 0x%x", size); |
| 4055 | [+] | | reported_len = tvb_reported_length_remaining(tvb, offset); |
 |
| 4056 | | | if ((guint32) reported_len > size) { |
Cast Alters Value
reported_len is cast from int to unsigned int. - reported_len evaluates to -1.
- Negative values cannot be stored as unsigned int. Casting them to unsigned int can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related event 5. Show: All events | Only primary events |
|
| |