(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/rtp_stream_dlg.c) |
| |
| 401 | | | rtpstream_on_filter (GtkButton *button _U_, |
| 402 | | | gpointer user_data _U_) |
| 403 | | | { |
| 404 | | | gchar *filter_string = NULL; |
| 405 | | | gchar *filter_string_fwd = NULL; |
| 406 | | | gchar *filter_string_rev = NULL; |
| 407 | | | gchar ip_version[3]; |
| 408 | | | |
| 409 | | | if (selected_stream_fwd==NULL && selected_stream_rev==NULL) |
Event 1:
Skipping " if". selected_stream_fwd == (void *)0 evaluates to false.
hide
|
|
| 410 | | | return; |
| 411 | | | |
| 412 | | | if (selected_stream_fwd) |
Event 2:
Taking true branch. selected_stream_fwd evaluates to true.
hide
|
|
| 413 | | | { |
| 414 | | | if (selected_stream_fwd->src_addr.type==AT_IPv6){ |
Event 3:
Taking false branch. selected_stream_fwd->src_addr.type == AT_IPv6 evaluates to false.
hide
|
|
| 415 | | | g_strlcpy(ip_version,"v6",sizeof(ip_version)); |
| 416 | | | } |
| 417 | | | else{ |
| 418 | | | ip_version[0] = '\0'; |
| 419 | | | } |
| 420 | | | filter_string_fwd = g_strdup_printf( |
| 421 | | | "(ip%s.src==%s && udp.srcport==%u && ip%s.dst==%s && udp.dstport==%u && rtp.ssrc==0x%X)", |
| 422 | | | ip_version, |
| 423 | | | address_to_str(&(selected_stream_fwd->src_addr)), |
| 424 | | | selected_stream_fwd->src_port, |
| 425 | | | ip_version, |
| 426 | | | address_to_str(&(selected_stream_fwd->dest_addr)), |
| 427 | | | selected_stream_fwd->dest_port, |
| 428 | | | selected_stream_fwd->ssrc); |
| 429 | | | filter_string = filter_string_fwd; |
| 430 | | | } |
| 431 | | | |
| 432 | | | if (selected_stream_rev) |
Event 5:
Taking true branch. selected_stream_rev evaluates to true.
hide
|
|
| 433 | | | { |
| 434 | | | if (selected_stream_fwd->src_addr.type==AT_IPv6){ |
Event 6:
Taking false branch. selected_stream_fwd->src_addr.type == AT_IPv6 evaluates to false.
hide
|
|
| 435 | | | g_strlcpy(ip_version,"v6",sizeof(ip_version)); |
| 436 | | | } |
| 437 | | | else{ |
| 438 | | | ip_version[0] = '\0'; |
| 439 | | | } |
| 440 | | | filter_string_rev = g_strdup_printf( |
| 441 | | | "(ip%s.src==%s && udp.srcport==%u && ip%s.dst==%s && udp.dstport==%u && rtp.ssrc==0x%X)", |
| 442 | | | ip_version, |
| 443 | | | address_to_str(&(selected_stream_rev->src_addr)), |
| 444 | | | selected_stream_rev->src_port, |
| 445 | | | ip_version, |
| 446 | | | address_to_str(&(selected_stream_rev->dest_addr)), |
| 447 | | | selected_stream_rev->dest_port, |
| 448 | | | selected_stream_rev->ssrc); |
| 449 | | | |
| 450 | | | filter_string = filter_string_rev; |
| 451 | | | |
| 452 | | | if (selected_stream_fwd) |
Null Test After Dereference
This code tests the nullness of selected_stream_fwd, which has already been dereferenced. - If selected_stream_fwd were null, there would have been a prior null pointer dereference at rtp_stream_dlg.c:434, and potentially at other locations as well.
- Either this test is redundant, or the earlier dereference(s) should be guarded by a similar test.
The issue can occur if the highlighted code executes. See related event 7. Show: All events | Only primary events |
|
| 453 | | | { |
| 454 | | | filter_string = g_strdup_printf("%s || %s", filter_string, filter_string_rev); |
| 455 | | | g_free(filter_string_fwd); |
| 456 | | | g_free(filter_string_rev); |
| 457 | | | } |
| 458 | | | } |
| 459 | | | |
| 460 | | | gtk_entry_set_text(GTK_ENTRY(main_display_filter_widget), filter_string);
x /usr/include/gtk-2.0/gtk/gtkentry.h |
| |
51 | #define GTK_ENTRY(obj) (G_TYPE_CHECK_INSTANCE_CAST ((obj), GTK_TYPE_ENTRY, GtkEntry)) |
| |
x /usr/include/glib-2.0/gobject/gtype.h |
| |
482 | #define G_TYPE_CHECK_INSTANCE_CAST(instance, g_type, c_type) (_G_TYPE_CIC ((instance), (g_type), c_type)) |
| |
x /usr/include/glib-2.0/gobject/gtype.h |
| |
1678 | # define _G_TYPE_CIC(ip, gt, ct) \ |
1679 | ((ct*) g_type_check_instance_cast ((GTypeInstance*) ip, gt)) |
| |
x /usr/include/gtk-2.0/gtk/gtkentry.h |
| |
50 | #define GTK_TYPE_ENTRY (gtk_entry_get_type ()) |
| |
|
| 461 | | | g_free(filter_string); |
| 462 | | | |
| 463 | | | |
| 464 | | | |
| 465 | | | |
| 466 | | | |
| 467 | | | } |
| |