(/home/sate/Testcases/c/cve/wireshark-1.2.0/tools/lemon/lemon.c) |
| |
| 3130 | | | PRIVATE FILE *tplt_open(struct lemon *lemp) |
| 3131 | | | { |
| 3132 | | | static char templatename[] = "lempar.c"; |
| 3133 | | | char* buf; |
| 3134 | | | FILE *in; |
| 3135 | | | char *tpltname = NULL; |
| 3136 | | | char *cp; |
| 3137 | | | |
| 3138 | | | if (lemp->templatename) { |
Event 1:
Taking true branch. lemp->templatename evaluates to true.
hide
|
|
| 3139 | | | tpltname = strdup(lemp->templatename); |
Event 2:
strdup() returns NULL. - Determines the freed value in the Free Null Pointer warning later.
hide
Event 3:
tpltname is set to strdup(lemp->templatename), which evaluates to NULL. See related event 2.
hide
|
|
| 3140 | | | } |
| 3141 | | | else { |
| 3142 | | | cp = strrchr(lemp->filename,'.'); |
| 3143 | | | buf = malloc(1000); |
| 3144 | | | if( cp ){ |
| 3145 | | | sprintf(buf,"%.*s.lt",(int)(cp - lemp->filename),lemp->filename); |
| 3146 | | | }else{ |
| 3147 | | | sprintf(buf,"%s.lt",lemp->filename); |
| 3148 | | | } |
| 3149 | | | if( access(buf,004)==0 ){ |
| 3150 | | | tpltname = buf; |
| 3151 | | | }else if( access(templatename,004)==0 ){ |
| 3152 | | | tpltname = templatename; |
| 3153 | | | }else{ |
| 3154 | | | tpltname = pathsearch(lemp->argv0,templatename,0); |
| 3155 | | | free(buf); |
| 3156 | | | } |
| 3157 | | | } |
| 3158 | | | if( tpltname==0 ){ |
Event 4:
Taking true branch. tpltname == 0 evaluates to true.
hide
|
|
| 3159 | | | fprintf(stderr,"Can't find the parser driver template file \"%s\".\n", |
| 3160 | | | templatename); |
| 3161 | | | lemp->errorcnt++; |
| 3162 | | | free(tpltname); |
Event 5:
tpltname, which evaluates to NULL, is passed to free(). See related event 3.
hide
Free Null Pointer
tpltname is not a valid address. - tpltname evaluates to NULL.
- Some older implementations of free() have unsafe behavior on NULL pointers.
The issue can occur if the highlighted code executes. See related event 5. Show: All events | Only primary events |
|
| |