(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/tvbparse.c) |
| |
| 1380 | | | void tvbparse_tree_add_elem(proto_tree* tree, tvbparse_elem_t* curr) { |
| 1381 | | | ep_stack_t stack = ep_stack_new(); |
| 1382 | | | struct _elem_tree_stack_frame* frame = ep_alloc(sizeof(struct _elem_tree_stack_frame)); |
| 1383 | | | proto_item* pi; |
| 1384 | | | frame->tree = tree; |
| 1385 | | | frame->elem = curr; |
| 1386 | | | |
| 1387 | | | while (curr) { |
Event 1:
Performing all but the last two loop iterations.
hide
Event 2:
Continuing from loop body. Entering loop body. curr evaluates to true.
hide
|
|
| 1388 | | | pi = proto_tree_add_text(frame->tree,curr->tvb,curr->offset,curr->len,"%s",tvb_format_text(curr->tvb,curr->offset,curr->len)); |
| 1389 | | | |
| 1390 | | | if(curr->sub) { |
Event 3:
Skipping " if". curr->sub evaluates to false.
hide
|
|
| 1391 | | | frame->elem = curr; |
| 1392 | | | ep_stack_push(stack,frame); |
| 1393 | | | frame = ep_alloc(sizeof(struct _elem_tree_stack_frame)); |
| 1394 | | | frame->tree = proto_item_add_subtree(pi,0); |
| 1395 | | | curr = curr->sub; |
| 1396 | | | continue; |
| 1397 | | | } |
| 1398 | | | |
| 1399 | | | curr = curr->next; |
| 1400 | | | |
| 1401 | | | while( !curr && ep_stack_peek(stack) ) { |
| 1402 | [+] | | frame = ep_stack_pop(stack); |
 |
| 1403 | | | curr = frame->elem->next; |
Null Pointer Dereference
frame is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 8. Show: All events | Only primary events |
|
| |