(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-diameter.c) |
| |
| 534 | | | static const char* |
| 535 | | | address_v16_avp(diam_ctx_t* c, diam_avp_t* a, tvbuff_t* tvb) |
| 536 | | | { |
| 537 | | | char* label = ep_alloc(ITEM_LABEL_LENGTH+1); |
| 538 | | | address_avp_t* t = a->type_data; |
| 539 | | | proto_item* pi = proto_tree_add_item(c->tree,a->hf_value,tvb,0,tvb_length(tvb),FALSE); |
| 540 | | | proto_tree* pt = proto_item_add_subtree(pi,t->ett); |
| 541 | | | guint32 len = tvb_length(tvb); |
| 542 | | | |
| 543 | | | switch (len) { |
Event 1:
len evaluates to 16.
hide
|
|
| 544 | | | case 4: |
| 545 | | | pi = proto_tree_add_item(pt,t->hf_ipv4,tvb,0,4,FALSE); |
| 546 | | | break; |
| 547 | | | case 16: |
| 548 | [+] | | pi = proto_tree_add_item(pt,t->hf_ipv6,tvb,0,16,FALSE); |
 |
| 549 | | | break; |
| 550 | | | default: |
| 551 | | | pi = proto_tree_add_item(pt,t->hf_other,tvb,0,len,FALSE); |
| 552 | | | pt = proto_item_add_subtree(pi,t->ett); |
| 553 | | | expert_add_info_format(c->pinfo, pi, PI_MALFORMED, PI_NOTE, |
| 554 | | | "Bad Address Length (%u)", len); |
| 555 | | | |
| 556 | | | break; |
| 557 | | | } |
| 558 | | | |
| 559 | | | proto_item_fill_label(pi->finfo, label); |
Null Pointer Dereference
pi is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 6. Show: All events | Only primary events |
|
| |