I just ran cppcheck this evening and got the following:
rpcrt4/rpc_transport.c 490 (error) Uninitialized variable smb_floor 761 (error) Uninitialized variable pipe_floor 885 (error) Uninitialized variable tcp_floor
If you look at the code :
static size_t rpcrt4_ncacn_np_get_top_of_tower(unsigned char *tower_data, const char *networkaddr, const char *endpoint) { twr_empty_floor_t *smb_floor; twr_empty_floor_t *nb_floor; size_t size; size_t networkaddr_size; size_t endpoint_size;
TRACE("(%p, %s, %s)\n", tower_data, networkaddr, endpoint);
networkaddr_size = networkaddr ? strlen(networkaddr) + 1 : 1; endpoint_size = endpoint ? strlen(endpoint) + 1 : 1; size = sizeof(*smb_floor) + endpoint_size + sizeof(*nb_floor) + networkaddr_size;
if (!tower_data) return size;
It is correct in that these three pointers are not initialised and could point to anything on the local stack. Additionally, if you look above, you could potentially get a bogus return value.
Additionally for tcp_floor:
static size_t rpcrt4_ip_tcp_get_top_of_tower(unsigned char *tower_data, const char *networkaddr, unsigned char tcp_protid, const char *endpoint) { twr_tcp_floor_t *tcp_floor; twr_ipv4_floor_t *ipv4_floor; struct addrinfo *ai; struct addrinfo hints; int ret; size_t size = sizeof(*tcp_floor) + sizeof(*ipv4_floor);
TRACE("(%p, %s, %s)\n", tower_data, networkaddr, endpoint);
if (!tower_data) return size;
Same problem here as well
Chris
On 30/12/09 03:55, chris ahrendt wrote:
I just ran cppcheck this evening and got the following:
rpcrt4/rpc_transport.c 490 (error) Uninitialized variable smb_floor 761 (error) Uninitialized variable pipe_floor 885 (error) Uninitialized variable tcp_floor
If you look at the code :
static size_t rpcrt4_ncacn_np_get_top_of_tower(unsigned char *tower_data, const char *networkaddr, const char *endpoint) { twr_empty_floor_t *smb_floor; twr_empty_floor_t *nb_floor; size_t size; size_t networkaddr_size; size_t endpoint_size;
TRACE("(%p, %s, %s)\n", tower_data, networkaddr, endpoint); networkaddr_size = networkaddr ? strlen(networkaddr) + 1 : 1; endpoint_size = endpoint ? strlen(endpoint) + 1 : 1; size = sizeof(*smb_floor) + endpoint_size + sizeof(*nb_floor) + networkaddr_size; if (!tower_data) return size;
It is correct in that these three pointers are not initialised and could point to anything on the local stack. Additionally, if you look above, you could potentially get a bogus return value.
Additionally for tcp_floor:
static size_t rpcrt4_ip_tcp_get_top_of_tower(unsigned char *tower_data, const char *networkaddr, unsigned char tcp_protid, const char *endpoint) { twr_tcp_floor_t *tcp_floor; twr_ipv4_floor_t *ipv4_floor; struct addrinfo *ai; struct addrinfo hints; int ret; size_t size = sizeof(*tcp_floor) + sizeof(*ipv4_floor);
TRACE("(%p, %s, %s)\n", tower_data, networkaddr, endpoint); if (!tower_data) return size;
Same problem here as well
Chris
Looks like a cppcheck bug: sizeof is a unary operator, not a function, and its operand is not evaluated (unless it is a variable-length array), so those pointers are never read or dereferenced — only their static type is used, and the size that gets returned is correct. The ()s in those expressions are actually unneeded, as sizeof only requires them around type names and not variables.
Alasdair