On 30/12/09 03:55, chris ahrendt wrote:
I just ran CPP check this evening and got the following:


rpcrt4/rpc_transport.c  490      (error) Uninitialized variable  smb_floor
        761      (error) Uninitialized variable  pipe_floor
        885      (error) Uninitialized variable  tcp_floor



If you look at the code :


static size_t rpcrt4_ncacn_np_get_top_of_tower(unsigned char *tower_data,
                                                 const char *networkaddr,
                                                 const char *endpoint)
{
      twr_empty_floor_t *smb_floor;
      twr_empty_floor_t *nb_floor;
      size_t size;
      size_t networkaddr_size;
      size_t endpoint_size;

      TRACE("(%p, %s, %s)\n", tower_data, networkaddr, endpoint);

      networkaddr_size = networkaddr ? strlen(networkaddr) + 1 : 1;
      endpoint_size = endpoint ? strlen(endpoint) + 1 : 1;
      size = sizeof(*smb_floor) + endpoint_size + sizeof(*nb_floor) +
             networkaddr_size;

      if (!tower_data)
          return size;


It is correct in that these three are not initialised and could point to 
anything on the local stack.
Additionally, if you look above, you can potentially get a bogus return.


Additionally for tcp_floor:

static size_t rpcrt4_ip_tcp_get_top_of_tower(unsigned char *tower_data,
                                               const char *networkaddr,
                                               unsigned char tcp_protid,
                                               const char *endpoint)
{
      twr_tcp_floor_t *tcp_floor;
      twr_ipv4_floor_t *ipv4_floor;
      struct addrinfo *ai;
      struct addrinfo hints;
      int ret;
      size_t size = sizeof(*tcp_floor) + sizeof(*ipv4_floor);

      TRACE("(%p, %s, %s)\n", tower_data, networkaddr, endpoint);

      if (!tower_data)
          return size;


Same problem here as well



Chris

Looks like a CPPCheck bug; sizeof is a unary operator and not a function, and those variables never get dereferenced. The ()s in those expressions are actually unneeded, as sizeof only needs them for type names and not variables.


Alasdair
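
The sizeof behaviour discussed in this thread can be checked with a small C program. It is an added example, not part of the original messages or of Wine's source: demo_floor_t, probe and demo_get_top_of_tower are hypothetical names, the struct layout and protid value are constructed, and the caller is assumed to pass a buffer aligned for demo_floor_t.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical floor header for this example; not Wine's twr_empty_floor_t. */
typedef struct {
    uint16_t count_lhs;
    uint8_t  protid;
    uint16_t count_rhs;
} demo_floor_t;

static int probe_calls;   /* counts real evaluations of probe() */

static demo_floor_t *probe(void)
{
    probe_calls++;
    return NULL;
}

/* sizeof only needs the operand's type, so probe() is never called here
 * and the NULL it would return is never dereferenced. */
size_t size_without_evaluation(void)
{
    return sizeof(*probe());
}

/* Same two-pass shape as the quoted functions: a NULL buffer asks for the
 * required size only; a non-NULL buffer is filled in. */
size_t demo_get_top_of_tower(unsigned char *tower_data, const char *endpoint)
{
    demo_floor_t *floor;                            /* left uninitialized on purpose */
    size_t endpoint_size = endpoint ? strlen(endpoint) + 1 : 1;
    size_t size = sizeof(*floor) + endpoint_size;   /* type query, floor is not read */

    if (!tower_data)
        return size;

    floor = (demo_floor_t *)tower_data;             /* assigned before first dereference */
    memset(floor, 0, sizeof(*floor));
    floor->count_lhs = sizeof(floor->protid);
    floor->protid = 0x0f;                           /* constructed sample value */
    floor->count_rhs = (uint16_t)endpoint_size;
    if (endpoint)
        memcpy(tower_data + sizeof(*floor), endpoint, endpoint_size);
    else
        tower_data[sizeof(*floor)] = '\0';
    return size;
}
```

The one case where a sizeof operand is evaluated is a variable length array type, which neither quoted function uses.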


