(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcom-remunkn.c) |
| |
| 87 | | | dissect_remunk_remqueryinterface_rqst(tvbuff_t *tvb, int offset, |
| 88 | | | packet_info *pinfo, proto_tree *tree, guint8 *drep) |
| 89 | | | { |
| 90 | | | e_uuid_t ipid; |
| 91 | | | guint32 u32Refs; |
| 92 | | | guint16 u16IIDs; |
| 93 | | | guint32 u32ArraySize; |
| 94 | | | guint32 u32ItemIdx; |
| 95 | | | e_uuid_t iid; |
| 96 | | | dcerpc_info *info = (dcerpc_info *) pinfo->private_data; |
| 97 | | | remunk_remqueryinterface_call_t *call; |
| 98 | | | |
| 99 | | | |
| 100 | | | offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep); |
| 101 | | | |
| 102 | | | offset = dissect_dcom_UUID(tvb, offset, pinfo, tree, drep, |
| 103 | | | hf_dcom_ipid, &ipid); |
| 104 | | | |
| 105 | | | offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, |
| 106 | | | hf_remunk_refs, &u32Refs); |
| 107 | | | |
| 108 | | | offset = dissect_dcom_WORD(tvb, offset, pinfo, tree, drep, |
| 109 | | | hf_remunk_iids, &u16IIDs); |
| 110 | | | |
| 111 | | | offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep, |
| 112 | | | &u32ArraySize); |
| 113 | | | |
| 114 | | | |
| 115 | | | if(u32ArraySize < 100) { |
Event 1:
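Taking false branch: u32ArraySize < 100 evaluates to false, so call is set to NULL (line 121) and no storage for the IIDs is allocated. u32ArraySize is the value filled in by dissect_dcom_dcerpc_array_size() at line 111.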
|
|
| 116 | | | call = se_alloc(sizeof(remunk_remqueryinterface_call_t) + u32ArraySize * sizeof(e_uuid_t)); |
| 117 | | | call->iid_count = u32ArraySize; |
| 118 | | | call->iids = (e_uuid_t *) (call+1); |
| 119 | | | info->call_data->private_data = call; |
| 120 | | | } else { |
| 121 | | | call = NULL; |
| 122 | | | } |
| 123 | | | |
| 124 | | | for (u32ItemIdx = 0; u32ArraySize--; u32ItemIdx++) { |
Event 2:
Entering loop body. u32ArraySize-- evaluates to true.
|
|
| 125 | | | offset = dissect_dcom_append_UUID(tvb, offset, pinfo, tree, drep, |
| 126 | [+] | | hf_dcom_iid, u32ItemIdx+1, &iid); |
Event 3:
&iid is passed to dissect_dcom_append_UUID() as the eighth argument.
Event 4:
dissect_dcom_append_UUID() does not initialize iid on this path. This may be due to a failure case or other special case inside dissect_dcom_append_UUID(). Any later read of iid in the loop body would then use an indeterminate value.
|
|
 |
| |