CPPCheck Dec 29

chris ahrendt celticht32 at yahoo.com
Tue Dec 29 21:55:10 CST 2009


I just ran CPP check this evening and got the following :


rpcrt4/rpc_transport.c	490	 (error) Uninitialized variable	 smb_floor
	761	 (error) Uninitialized variable	 pipe_floor
	885	 (error) Uninitialized variable	 tcp_floor



If you look at the code :


static size_t rpcrt4_ncacn_np_get_top_of_tower(unsigned char *tower_data,
                                                const char *networkaddr,
                                                const char *endpoint)
{
     twr_empty_floor_t *smb_floor;
     twr_empty_floor_t *nb_floor;
     size_t size;
     size_t networkaddr_size;
     size_t endpoint_size;

     TRACE("(%p, %s, %s)\n", tower_data, networkaddr, endpoint);

     networkaddr_size = networkaddr ? strlen(networkaddr) + 1 : 1;
     endpoint_size = endpoint ? strlen(endpoint) + 1 : 1;
     size = sizeof(*smb_floor) + endpoint_size + sizeof(*nb_floor) + networkaddr_size;

     if (!tower_data)
         return size;


It is correct in that these three are not initialised and could point to anything on the local stack.
Additionally if you look above  you can get potentially a bogus return..


Additionally for tcp_floor:

static size_t rpcrt4_ip_tcp_get_top_of_tower(unsigned char *tower_data,
                                              const char *networkaddr,
                                              unsigned char tcp_protid,
                                              const char *endpoint)
{
     twr_tcp_floor_t *tcp_floor;
     twr_ipv4_floor_t *ipv4_floor;
     struct addrinfo *ai;
     struct addrinfo hints;
     int ret;
     size_t size = sizeof(*tcp_floor) + sizeof(*ipv4_floor);

     TRACE("(%p, %s, %s)\n", tower_data, networkaddr, endpoint);

     if (!tower_data)
         return size;


Same problem here as well



Chris






      



More information about the wine-devel mailing list