(/home/sate/Testcases/c/cve/wireshark-1.2.0/plugins/profinet/packet-dcom-cba-acco.c) |
| |
| 4080 | | | dissect_ICBAAccoMgt_GetConnections_resp(tvbuff_t *tvb, int offset, |
| 4081 | | | packet_info *pinfo, proto_tree *tree, guint8 *drep) |
| 4082 | | | { |
| 4083 | | | guint32 u32Count; |
| 4084 | | | guint32 u32TmpCount; |
| 4085 | | | guint32 u32Pointer; |
| 4086 | | | guint32 u32HResult; |
| 4087 | | | |
| 4088 | | | guint16 u16QoSType; |
| 4089 | | | guint16 u16QoSValue; |
| 4090 | | | guint8 u8State; |
| 4091 | | | guint16 u16Persistence; |
| 4092 | | | guint16 u16ConnVersion; |
| 4093 | | | proto_item *sub_item; |
| 4094 | | | proto_tree *sub_tree; |
| 4095 | | | guint32 u32SubStart; |
| 4096 | | | guint32 u32Idx; |
| 4097 | | | guint32 u32VariableOffset; |
| 4098 | | | gchar szProv[1000] = { 0 }; |
| 4099 | | | guint32 u32MaxProvLen = sizeof(szProv); |
| 4100 | | | gchar szProvItem[1000] = { 0 }; |
| 4101 | | | guint32 u32MaxProvItemLen = sizeof(szProvItem); |
| 4102 | | | gchar szConsItem[1000] = { 0 }; |
| 4103 | | | guint32 u32MaxConsItemLen = sizeof(szConsItem); |
| 4104 | | | |
| 4105 | | | |
| 4106 | | | offset = dissect_dcom_that(tvb, offset, pinfo, tree, drep); |
| 4107 | | | |
| 4108 | | | offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, tree, drep, |
| 4109 | | | &u32Pointer); |
| 4110 | | | |
| 4111 | | | u32VariableOffset = offset; |
| 4112 | | | |
| 4113 | | | if (u32Pointer) { |
Event 1:
Taking true branch. u32Pointer evaluates to true.
hide
|
|
| 4114 | | | offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, |
| 4115 | [+] | | hf_cba_acco_count, &u32Count); |
Event 2:
dissect_ndr_uint32() does not initialize u32Count. - This may be because of a failure case or other special case for dissect_ndr_uint32().
hide
|
|
 |
| 4116 | | | |
| 4117 | | | u32VariableOffset = offset + u32Count*36; |
Uninitialized Variable
u32Count was not initialized. The issue can occur if the highlighted code executes. See related event 2. Show: All events | Only primary events |
|
| |