(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/sigcomp_state_hdlr.c) |
| |
| 680 | | | int udvm_state_access(tvbuff_t *tvb, proto_tree *tree,guint8 *buff,guint16 p_id_start, guint16 p_id_length, guint16 state_begin, guint16 *state_length, |
| 681 | | | guint16 *state_address, guint16 *state_instruction, |
| 682 | | | gint hf_id) |
| 683 | | | { |
| 684 | | | int result_code = 0; |
| 685 | | | guint32 n; |
| 686 | | | guint16 k; |
| 687 | | | guint16 byte_copy_right; |
| 688 | | | guint16 byte_copy_left; |
| 689 | | | char partial_state[STATE_BUFFER_SIZE]; |
| 690 | | | guint8 *state_buff; |
| 691 | | | gchar *partial_state_str; |
| 692 | | | |
| 693 | | | |
| 694 | | | |
| 695 | | | |
| 696 | | | |
| 697 | | | |
| 698 | | | |
| 699 | | | |
| 700 | | | |
| 701 | | | |
| 702 | | | |
| 703 | | | |
| 704 | | | |
| 705 | | | |
| 706 | | | |
| 707 | | | if (( p_id_length < STATE_MIN_ACCESS_LEN ) || ( p_id_length > STATE_BUFFER_SIZE )){ |
Event 1:
Skipping " if". - p_id_length < 6 evaluates to false.
- p_id_length > 20 evaluates to false.
hide
|
|
| 708 | | | result_code = 1; |
| 709 | | | return result_code; |
| 710 | | | } |
| 711 | | | |
| 712 | | | n = 0; |
| 713 | | | while ( n < p_id_length && n < STATE_BUFFER_SIZE && p_id_start + n < UDVM_MEMORY_SIZE ){ |
| 714 | | | partial_state[n] = buff[p_id_start + n]; |
| 715 | | | n++; |
| 716 | | | } |
| 717 | [+] | | partial_state_str = bytes_to_str(partial_state, p_id_length); |
Event 3:
partial_state is passed to bytes_to_str() as the first argument.
hide
Event 4:
bytes_to_str() does not initialize partial_state. - This may be because of a failure case or other special case for bytes_to_str().
hide
|
|
 |
| |