(/home/sate/Testcases/c/cve/wireshark-1.2.0/plugins/profinet/packet-dcom-cba-acco.c) |
| |
| 2367 | | | dissect_ICBAAccoServerSRT_DisconnectCR_rqst(tvbuff_t *tvb, int offset, |
| 2368 | | | packet_info *pinfo, proto_tree *tree, guint8 *drep) |
| 2369 | | | { |
| 2370 | | | guint32 u32Count; |
| 2371 | | | guint32 u32ArraySize; |
| 2372 | | | guint32 u32Idx; |
| 2373 | | | guint32 u32ProvCRID; |
| 2374 | | | proto_item *item; |
| 2375 | | | dcerpc_info *info = (dcerpc_info *)pinfo->private_data; |
| 2376 | | | cba_ldev_t *prov_ldev; |
| 2377 | | | cba_frame_t *frame; |
| 2378 | | | server_frame_call_t *call; |
| 2379 | | | |
| 2380 | | | |
| 2381 | | | offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep); |
| 2382 | | | |
| 2383 | | | |
| 2384 | | | prov_ldev = cba_ldev_find(pinfo, pinfo->net_dst.data, &info->call_data->object_uuid); |
| 2385 | | | |
| 2386 | | | item = proto_tree_add_boolean (tree, hf_cba_acco_srt_call, tvb, offset, 0, TRUE); |
Event 1:
!0 evaluates to true.
|
|
| 2387 | | | PROTO_ITEM_SET_GENERATED(item);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
325 | #define PROTO_ITEM_SET_GENERATED(proto_item) \ |
326 | ((proto_item) ? FI_SET_FLAG((proto_item)->finfo, FI_GENERATED) : 0) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
246 | #define FI_SET_FLAG(fi, flag) (fi->flags = fi->flags | flag) |
| |
|
Event 2:
item evaluates to false.
|
|
| 2388 | | | pinfo->profinet_type = 4; |
| 2389 | | | |
| 2390 | | | offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, |
| 2391 | | | hf_cba_acco_count, &u32Count); |
| 2392 | | | |
| 2393 | | | offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep, |
| 2394 | [+] | | &u32ArraySize); |
Event 3:
dissect_dcom_dcerpc_array_size() does not initialize u32ArraySize. This may be because of a failure case or other special case in dissect_dcom_dcerpc_array_size().
|
|
 |
| 2395 | | | |
| 2396 | | | |
| 2397 | | | if(prov_ldev != NULL) { |
Event 7:
Taking false branch. prov_ldev != (void *)0 evaluates to false.
|
|
| 2398 | | | call = se_alloc(sizeof(server_frame_call_t) + u32ArraySize * sizeof(cba_frame_t *)); |
| 2399 | | | call->frame_count = 0; |
| 2400 | | | call->frames = (cba_frame_t **) (call+1); |
| 2401 | | | info->call_data->private_data = call; |
| 2402 | | | } else{ |
| 2403 | | | call = NULL; |
| 2404 | | | } |
| 2405 | | | |
| 2406 | | | u32Idx = 1; |
| 2407 | | | while (u32ArraySize--) { |
Uninitialized Variable
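u32ArraySize was not initialized. The issue can occur if the highlighted code executes. See related events 3 and 5. The indeterminate value is then the iteration count of `while (u32ArraySize--)` at line 2407 and, when prov_ldev is non-NULL, part of the se_alloc() size at line 2398; initializing u32ArraySize to 0 at its declaration (line 2371) makes both uses well defined even if dissect_dcom_dcerpc_array_size() returns without writing it.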
|
| |