(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-smb.c) |
| |
| 14510 | | | dissect_transaction2_response_data(tvbuff_t *tvb, packet_info *pinfo, |
| 14511 | | | proto_tree *parent_tree) |
| 14512 | | | { |
| 14513 | | | proto_item *item = NULL; |
| 14514 | | | proto_tree *tree = NULL; |
| 14515 | | | smb_info_t *si; |
| 14516 | | | smb_transact2_info_t *t2i; |
| 14517 | | | int count; |
| 14518 | | | gboolean trunc; |
| 14519 | | | int offset = 0; |
| 14520 | | | guint16 dc; |
| 14521 | | | |
| 14522 | | | dc = tvb_reported_length(tvb); |
| 14523 | | | |
| 14524 | | | si = (smb_info_t *)pinfo->private_data; |
| 14525 | | | DISSECTOR_ASSERT(si);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
/*
 * DISSECTOR_ASSERT(expression): run-time check used inside dissectors.
 * When `expression` is true the macro yields (void)0; otherwise it expands
 * __DISSECTOR_ASSERT with the expression and the __FILE__/__LINE__ of the
 * use site.  The outer (void) cast makes the whole macro a value-less
 * expression.
 * Per the REPORT_DISSECTOR_BUG definition shown for this header, the failure
 * path ends in either abort() or a thrown DissectorError, so code after the
 * assertion only runs when the expression held.
 */
117 | #define DISSECTOR_ASSERT(expression) \ |
118 | ((void) ((expression) ? (void)0 : \ |
119 | __DISSECTOR_ASSERT (expression, __FILE__, __LINE__))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
/*
 * __DISSECTOR_ASSERT(expression, file, lineno): failure arm of
 * DISSECTOR_ASSERT.  Formats the text
 *     <file>:<lineno>: failed assertion "<expression>"
 * with ep_strdup_printf and passes the resulting string to
 * REPORT_DISSECTOR_BUG.  The expression text comes from
 * __DISSECTOR_ASSERT_STRINGIFY, whose definition is not shown here.
 * The message contains only the source location and the asserted
 * expression; no packet data is formatted into it.
 */
138 | #define __DISSECTOR_ASSERT(expression, file, lineno) \ |
139 | (REPORT_DISSECTOR_BUG( \ |
140 | ep_strdup_printf("%s:%u: failed assertion \"%s\"", \ |
141 | file, lineno, __DISSECTOR_ASSERT_STRINGIFY(expression)))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
/*
 * REPORT_DISSECTOR_BUG(message): reports an internal dissector error.
 * If the environment variable WIRESHARK_ABORT_ON_DISSECTOR_BUG is set
 * (getenv returns non-NULL, so any value including the empty string counts),
 * the process is terminated with abort().  Otherwise a DissectorError
 * exception carrying `message` is raised through THROW_MESSAGE.
 * `message` appears only in the else arm of the conditional, so it is not
 * evaluated on the abort() path.
 * Without the variable set, a failed assertion therefore unwinds by
 * exception instead of terminating the process.
 */
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
/*
 * THROW_MESSAGE(x, y): raises exception code `x` with message `y` by calling
 * except_throw in the XCEPT_GROUP_WIRESHARK group.  Both arguments are
 * parenthesised in the expansion and each is used exactly once.
 */
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
Event 1:
si evaluates to true.
| 14526 | | | |
| 14527 | | | if (si->sip != NULL && si->sip-> == SMB_EI_T2I) |
| 14528 | | | t2i = si->sip->; |
| 14529 | | | else |
| 14530 | | | t2i = NULL; |
| 14531 | | | |
| 14532 | | | if(parent_tree){ |
Event 3:
Skipping " if". parent_tree evaluates to false.
| 14533 | | | if (t2i != NULL && t2i->subcmd != -1) { |
| 14534 | | | item = proto_tree_add_text(parent_tree, tvb, offset, dc, |
| 14535 | | | "%s Data", |
| 14536 | | | val_to_str(t2i->subcmd, trans2_cmd_vals, |
| 14537 | | | "Unknown (0x%02x)")); |
| 14538 | | | tree = proto_item_add_subtree(item, ett_smb_transaction_data); |
| 14539 | | | } else { |
| 14540 | | | item = proto_tree_add_text(parent_tree, tvb, offset, dc, |
| 14541 | | | "Unknown Transaction2 Data"); |
| 14542 | | | } |
| 14543 | | | } |
| 14544 | | | |
| 14545 | | | if (t2i == NULL) { |
Event 4:
Skipping " if". t2i == (void *)0 evaluates to false.
| 14546 | | | offset += dc; |
| 14547 | | | return offset; |
| 14548 | | | } |
| 14549 | | | switch(t2i->subcmd){ |
Event 5:
t2i->subcmd evaluates to 2.
| 14550 | | | case 0x00: |
| 14551 | | | |
| 14552 | | | break; |
| 14553 | | | case 0x01: |
| 14554 | | | |
| 14555 | | | count = si->info_count; |
| 14556 | | | |
| 14557 | | | if(count == -1) { |
| 14558 | | | break; |
| 14559 | | | } |
| 14560 | | | if (count && check_col(pinfo->cinfo, COL_INFO)) { |
| 14561 | | | col_append_str(pinfo->cinfo, COL_INFO, |
| 14562 | | | ", Files:"); |
| 14563 | | | } |
| 14564 | | | |
| 14565 | | | while(count--){ |
| 14566 | | | offset = dissect_ff2_response_data(tvb, pinfo, tree, |
| 14567 | | | offset, &dc, &trunc); |
| 14568 | | | if (trunc) |
| 14569 | | | break; |
| 14570 | | | } |
| 14571 | | | break; |
| 14572 | | | case 0x02: |
| 14573 | | | |
| 14574 | | | count = si->info_count; |
| 14575 | | | |
| 14576 | | | if(count == -1) { |
Event 6:
Skipping " if". count == -1 evaluates to false.
| 14577 | | | break; |
| 14578 | | | } |
| 14579 | [+] | | if (count && check_col(pinfo->cinfo, COL_INFO)) { |
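Event 7:
Skipping " if". count evaluates to true, so the branch is skipped because the other operand of the &&, check_col(pinfo->cinfo, COL_INFO), evaluates to false.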
| 14580 | | | col_append_str(pinfo->cinfo, COL_INFO, |
| 14581 | | | ", Files:"); |
| 14582 | | | } |
| 14583 | | | |
| 14584 | | | while(count--){ |
Event 10:
Entering loop body. count-- evaluates to true.
| 14585 | | | offset = dissect_ff2_response_data(tvb, pinfo, tree, |
| 14586 | [+] | | offset, &dc, &trunc); |
Event 11:
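dissect_ff2_response_data() does not initialize trunc: on this path it returns without storing a value through the &trunc argument passed at line 14586. This may be because of a failure case or other special case in dissect_ff2_response_data(), whose body is not shown in this trace.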
| 14587 | | | if (trunc) |
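Uninitialized Variable
trunc was not initialized. It is declared at line 14518 without an initializer, and the call at lines 14585-14586 can return without writing to it (event 11), so the test at line 14587 reads an indeterminate value and the loop may stop or continue arbitrarily. The issue can occur if the highlighted code executes. See related event 11. Initializing trunc at its declaration, or having dissect_ff2_response_data() set *trunc on every return path, removes the indeterminate read.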
|
| |