(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dcom.c) |
| |
| 1699 | | | dissect_dcom_BSTR(tvbuff_t *tvb, gint offset, packet_info *pinfo, |
| 1700 | | | proto_tree *tree, guint8 *drep, int hfindex, |
| 1701 | | | gchar *pszStr, guint32 u32MaxStr) |
| 1702 | | | { |
| 1703 | | | guint32 u32MaxCount; |
| 1704 | | | guint32 u32ArraySize; |
| 1705 | | | guint32 u32StrStart; |
| 1706 | | | proto_item *sub_item; |
| 1707 | | | proto_tree *sub_tree; |
| 1708 | | | guint32 u32SubStart; |
| 1709 | | | guint32 u32ByteLength; |
| 1710 | | | guint32 u32RealOffset; |
| 1711 | | | gboolean isPrintable; |
| 1712 | | | |
| 1713 | | | |
| 1714 | | | if (offset % 4) { |
Event 1:
Skipping " if". offset % 4 evaluates to false.
hide
|
|
| 1715 | | | offset += 4 - (offset % 4); |
| 1716 | | | } |
| 1717 | | | |
| 1718 | | | |
| 1719 | | | sub_item = proto_tree_add_string(tree, hfindex, tvb, offset, 0, ""); |
| 1720 | | | sub_tree = proto_item_add_subtree(sub_item, ett_dcom_lpwstr); |
| 1721 | | | u32SubStart = offset; |
| 1722 | | | |
| 1723 | | | offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, drep, |
| 1724 | | | hf_dcom_max_count, &u32MaxCount); |
| 1725 | | | offset = dissect_dcom_DWORD(tvb, offset, pinfo, sub_tree, drep, |
| 1726 | | | hf_dcom_byte_length, &u32ByteLength); |
| 1727 | | | offset = dissect_dcom_dcerpc_array_size(tvb, offset, pinfo, sub_tree, drep, |
| 1728 | [+] | | &u32ArraySize); |
Event 2:
dissect_dcom_dcerpc_array_size() does not initialize u32ArraySize. - This may be because of a failure case or other special case for dissect_dcom_dcerpc_array_size().
hide
|
|
 |
| 1729 | | | |
| 1730 | | | u32RealOffset = offset + u32ArraySize*2; |
Uninitialized Variable
u32ArraySize was not initialized. The issue can occur if the highlighted code executes. See related events 2 and 4. Show: All events | Only primary events |
|
| |