(/home/sate/Testcases/c/cve/wireshark-1.2.0/plugins/profinet/packet-dcom-cba-acco.c) |
| |
| 4556 | | | dissect_ICBAAccoSync_WriteItemsQCD_rqst(tvbuff_t *tvb, int offset, |
| 4557 | | | packet_info *pinfo, proto_tree *tree, guint8 *drep) |
| 4558 | | | { |
| 4559 | | | guint32 u32Count; |
| 4560 | | | guint32 u32ArraySize; |
| 4561 | | | gchar szStr[1000]; |
| 4562 | | | guint32 u32MaxStr = sizeof(szStr); |
| 4563 | | | guint32 u32Pointer; |
| 4564 | | | guint32 u32VariableOffset; |
| 4565 | | | proto_item *sub_item; |
| 4566 | | | proto_tree *sub_tree; |
| 4567 | | | guint32 u32SubStart; |
| 4568 | | | guint32 u32Idx; |
| 4569 | | | guint16 u16QC; |
| 4570 | | | |
| 4571 | | | offset = dissect_dcom_this(tvb, offset, pinfo, tree, drep); |
| 4572 | | | |
| 4573 | | | offset = dissect_dcom_DWORD(tvb, offset, pinfo, tree, drep, |
| 4574 | | | hf_cba_acco_count, &u32Count); |
| 4575 | | | |
| 4576 | | | offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, tree, drep, |
| 4577 | | | &u32ArraySize); |
| 4578 | | | |
| 4579 | | | u32VariableOffset = offset + u32ArraySize * 20; |
| 4580 | | | u32Idx = 1; |
| 4581 | | | while(u32ArraySize--) { |
Event 1:
Entering loop body. u32ArraySize-- evaluates to true.
hide
|
|
| 4582 | | | sub_item = proto_tree_add_item(tree, hf_cba_writeitemin, tvb, offset, 0, FALSE); |
| 4583 | | | sub_tree = proto_item_add_subtree(sub_item, ett_cba_writeitemin); |
| 4584 | | | u32SubStart = offset; |
| 4585 | | | |
| 4586 | | | offset = dissect_dcom_dcerpc_pointer(tvb, offset, pinfo, sub_tree, drep, |
| 4587 | [+] | | &u32Pointer); |
Event 2:
dissect_dcom_dcerpc_pointer() does not initialize u32Pointer. - This may be because of a failure case or other special case for dissect_dcom_dcerpc_pointer().
hide
|
|
 |
| 4588 | | | if (u32Pointer) { |
Uninitialized Variable
u32Pointer was not initialized. The issue can occur if the highlighted code executes. See related events 2 and 4. Show: All events | Only primary events |
|
| |