(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-icq.c) |
| |
| 957 | | | icqv5_cmd_login(proto_tree* tree, tvbuff_t *tvb, int offset, int size) |
| 958 | | | { |
| 959 | | | proto_item* ti; |
| 960 | | | proto_tree* subtree; |
| 961 | | | time_t theTime; |
| 962 | | | char *aTime; |
| 963 | | | guint32 port; |
| 964 | | | guint32 passwdLen; |
| 965 | | | const guchar *ipAddrp; |
| 966 | | | guint32 status; |
| 967 | | | |
| 968 | | | if (tree) { |
Event 1:
Taking true branch. tree evaluates to true.
hide
|
|
| 969 | | | ti = proto_tree_add_text(tree, tvb, offset, size, "Body"); |
| 970 | | | subtree = proto_item_add_subtree(ti, ett_icq_body); |
| 971 | | | theTime = tvb_get_letohl(tvb, offset + CMD_LOGIN_TIME); |
| 972 | | | aTime = ctime(&theTime); |
Event 2:
ctime() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 3:
aTime is set to ctime(&theTime), which evaluates to NULL. See related event 2.
hide
|
|
| 973 | | | aTime[strlen(aTime)-1] = '\0'; |
Event 4:
aTime, which evaluates to NULL, is passed to __builtin_strlen(). See related event 3.
hide
Null Pointer Dereference
The body of __builtin_strlen() dereferences aTime, but it is NULL. The issue can occur if the highlighted code executes. See related event 4. Show: All events | Only primary events |
|
| |