(/home/sate/Testcases/c/cve/wireshark-1.2.0/ringbuffer.c) |
| |
| 139 | | | ringbuf_init(const char *capfile_name, guint num_files) |
| 140 | | | { |
| 141 | | | unsigned int i; |
| 142 | | | char *pfx, *last_pathsep; |
| 143 | | | gchar *save_file; |
| 144 | | | |
| 145 | | | rb_data.files = NULL; |
| 146 | | | rb_data.curr_file_num = 0; |
| 147 | | | rb_data.fprefix = NULL; |
| 148 | | | rb_data.fsuffix = NULL; |
| 149 | | | rb_data.unlimited = FALSE; |
| 150 | | | rb_data.fd = -1; |
| 151 | | | rb_data.pdh = NULL; |
| 152 | | | |
| 153 | | | |
| 154 | | | if (num_files <= RINGBUFFER_MAX_NUM_FILES) { |
Event 1:
Taking false branch. num_files <= 10000 evaluates to false.
|
|
| 155 | | | rb_data.num_files = num_files; |
| 156 | | | } else { |
| 157 | | | rb_data.num_files = RINGBUFFER_MAX_NUM_FILES; |
| 158 | | | } |
| 159 | | | |
| 160 | | | |
| 161 | | | if (capfile_name == NULL) { |
Event 2:
Skipping " if". capfile_name == (void *)0 evaluates to false.
|
|
| 162 | | | |
| 163 | | | return -1; |
| 164 | | | } |
| 165 | | | |
| 166 | | | |
| 167 | | | |
| 168 | | | save_file = g_strdup(capfile_name); |
| 169 | | | last_pathsep = strrchr(save_file, G_DIR_SEPARATOR); |
| 170 | | | pfx = strrchr(save_file,'.'); |
| 171 | | | if (pfx != NULL && (last_pathsep == NULL || pfx > last_pathsep)) { |
Event 4:
Taking false branch. pfx != (void *)0 evaluates to false.
|
|
| 172 | | | |
| 173 | | | |
| 174 | | | |
| 175 | | | |
| 176 | | | |
| 177 | | | |
| 178 | | | |
| 179 | | | |
| 180 | | | |
| 181 | | | |
| 182 | | | pfx[0] = '\0'; |
| 183 | | | rb_data.fprefix = g_strdup(save_file); |
| 184 | | | pfx[0] = '.'; |
| 185 | | | rb_data.fsuffix = g_strdup(pfx); |
| 186 | | | } else { |
| 187 | | | |
| 188 | | | |
| 189 | | | rb_data.fprefix = g_strdup(save_file); |
| 190 | | | rb_data.fsuffix = NULL; |
| 191 | | | } |
| 192 | | | g_free(save_file); |
| 193 | | | save_file = NULL; |
| 194 | | | |
| 195 | | | |
| 196 | | | |
| 197 | | | |
| 198 | | | if (num_files == RINGBUFFER_UNLIMITED_FILES) { |
Event 7:
Skipping " if". num_files == 0 evaluates to false.
|
|
| 199 | | | rb_data.unlimited = TRUE; |
| 200 | | | rb_data.num_files = 1; |
| 201 | | | } |
| 202 | | | |
| 203 | | | rb_data.files = g_malloc(rb_data.num_files * sizeof(rb_file)); |
| 204 | | | if (rb_data.files == NULL) { |
Event 9:
Skipping " if". rb_data.files == (void *)0 evaluates to false.
|
|
| 205 | | | return -1; |
| 206 | | | } |
| 207 | | | |
| 208 | | | for (i=0; i < rb_data.num_files; i++) { |
| 209 | | | rb_data.files[i].name = NULL; |
| 210 | | | } |
| 211 | | | |
| 212 | | | |
| 213 | [+] | | if (ringbuf_open_file(&rb_data.files[0], NULL) == -1) { |
Event 11:
NULL is passed to ringbuf_open_file() as the second argument. That argument is dereferenced later, causing the null pointer dereference.
|
|
 |
| |