(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-synphasor.c) |
| |
| 658 | | | static gint (tvbuff_t *tvb, proto_tree *tree) |
| 659 | | | { |
| 660 | | | proto_tree *temp_tree; |
| 661 | | | proto_item *temp_item; |
| 662 | | | |
| 663 | | | gint offset = 0; |
| 664 | | | guint16 framesize, idcode; |
| 665 | | | |
| 666 | | | |
| 667 | | | temp_item = proto_tree_add_item(tree, hf_sync, tvb, offset, 2, FALSE); |
| 668 | | | temp_tree = proto_item_add_subtree(temp_item, ett_frtype); |
| 669 | | | proto_tree_add_item(temp_tree, hf_sync_frtype, tvb, offset, 2, FALSE); |
| 670 | | | proto_tree_add_item(temp_tree, hf_sync_version, tvb, offset, 2, FALSE); |
| 671 | | | offset += 2; |
| 672 | | | |
| 673 | | | |
| 674 | | | proto_tree_add_item(tree, hf_frsize, tvb, offset, 2, FALSE); |
| 675 | | | framesize = tvb_get_ntohs(tvb, offset); offset += 2; |
| 676 | | | |
| 677 | | | |
| 678 | | | proto_tree_add_item(tree, hf_idcode, tvb, offset, 2, FALSE); |
| 679 | | | idcode = tvb_get_ntohs(tvb, offset); offset += 2; |
| 680 | | | |
| 681 | | | |
| 682 | | | { |
| 683 | | | |
| 684 | | | char buf[20]; |
| 685 | | | struct tm* t; |
| 686 | | | time_t soc = tvb_get_ntohl(tvb, offset); |
| 687 | | | t = gmtime(&soc); |
Event 1:
gmtime() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 2:
t is set to gmtime(&soc), which evaluates to NULL. See related event 1.
hide
|
|
| 688 | | | strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", t); |
Event 3:
t, which evaluates to NULL, is passed to strftime() as the fourth argument. See related event 2.
hide
Null Pointer Dereference
The body of strftime() dereferences t, but it is NULL. The issue can occur if the highlighted code executes. See related event 3. Show: All events | Only primary events |
|
| |