(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcom.c) |
| |
| 1631 | | | dissect_dcom_indexed_LPWSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo, |
| 1632 | | | proto_tree *tree, guint8 *drep, int hfindex, |
| 1633 | | | gchar *pszStr, guint32 u32MaxStr, int field_index) |
| 1634 | | | { |
| 1635 | | | guint32 u32MaxCount; |
| 1636 | | | guint32 u32Offset; |
| 1637 | | | guint32 u32ArraySize; |
| 1638 | | | guint32 u32StrStart; |
| 1639 | | | proto_item *sub_item; |
| 1640 | | | proto_tree *sub_tree; |
| 1641 | | | guint32 u32SubStart; |
| 1642 | | | gboolean isPrintable; |
| 1643 | | | |
| 1644 | | | |
| 1645 | | | |
| 1646 | | | if (offset % 4) { |
Event 1:
Skipping " if". offset % 4 evaluates to false.
hide
|
|
| 1647 | | | offset += 4 - (offset % 4); |
| 1648 | | | } |
| 1649 | | | |
| 1650 | | | |
| 1651 | | | sub_item = proto_tree_add_string(tree, hfindex, tvb, offset, 0, ""); |
| 1652 | | | sub_tree = proto_item_add_subtree(sub_item, ett_dcom_lpwstr); |
| 1653 | | | u32SubStart = offset; |
| 1654 | | | |
| 1655 | | | offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, drep, |
| 1656 | | | hf_dcom_max_count, &u32MaxCount); |
| 1657 | | | offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, drep, |
| 1658 | | | hf_dcom_offset, &u32Offset); |
| 1659 | | | offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, drep, |
| 1660 | [+] | | &u32ArraySize); |
Event 2:
dissect_dcom_dcerpc_array_size() does not initialize u32ArraySize. - This may be because of a failure case or other special case for dissect_dcom_dcerpc_array_size().
hide
|
|
 |
| 1661 | | | |
| 1662 | | | u32StrStart = offset; |
| 1663 | | | offset = dcom_tvb_get_nwstringz0(tvb, offset, u32ArraySize*2, pszStr, u32MaxStr, &isPrintable); |
Uninitialized Variable
u32ArraySize was not initialized. The issue can occur if the highlighted code executes. See related events 2 and 4. Show: All events | Only primary events |
|
| |