(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/wlan_stat_dlg.c) |
| |
| 360 | | | wlanstat_packet (void *phs, packet_info *pinfo, epan_dissect_t *edt _U_, const void *phi) |
| 361 | | | { |
| 362 | | | |
| 363 | | | wlanstat_t *hs = (wlanstat_t *)phs; |
| 364 | | | wlan_ep_t *tmp = NULL, *te = NULL; |
| 365 | | | struct _wlan_hdr *si = (struct _wlan_hdr *) phi; |
| 366 | | | |
| 367 | | | if (!hs) |
Event 1:
Skipping the "if" body: hs evaluates to true (hs is non-NULL), so the early return at line 368 is not taken.
|
|
| 368 | | | return (0); |
| 369 | | | |
| 370 | | | hs->number_of_packets++; |
| 371 | | | if (!hs->ep_list) { |
Event 2:
Taking false branch. hs->ep_list evaluates to true.
|
|
| 372 | | | hs->ep_list = alloc_wlan_ep (si, pinfo); |
| 373 | | | te = hs->ep_list; |
| 374 | | | } else { |
| 375 | | | for (tmp = hs->ep_list; tmp; tmp = tmp->next) { |
Event 3:
Entering loop body. tmp evaluates to true.
Event 5:
Continuing from loop body. Leaving loop. tmp evaluates to false.
|
|
| 376 | | | if (((si->type == 0x04) && |
Event 4:
Skipping the "if" body (no existing entry matches, so te is not assigned). - si->type == 4 evaluates to false.
- si->type != 4 evaluates to true.
- (&tmp->bssid)->type > (&si->bssid)->type evaluates to true.
- (&tmp->bssid)->type > (&si->bssid)->type ? 1 : (&tmp->bssid)->type < (&si->bssid)->type ? -1 : (&tmp->bssid)->len > (&si->bssid)->len ? 1 : (&tmp->bssid)->len < (&si->bssid)->len ? -1 : memcmp(...) evaluates to true, i.e. CMP_ADDRESS is non-zero, so !CMP_ADDRESS(...) on line 383 is false.
|
|
| 377 | | | (((tmp->stats.ssid_len == 0) && (si->stats.ssid_len == 0) && |
| 378 | | | (strcmp (get_addr_name(&tmp->bssid), "Broadcast") == 0)) || |
| 379 | | | (si->stats.ssid_len != 0 && |
| 380 | | | (tmp->stats.ssid_len == si->stats.ssid_len) && |
| 381 | | | (memcmp (tmp->stats.ssid, si->stats.ssid, si->stats.ssid_len) == 0)))) || |
| 382 | | | ((si->type != 0x04) && |
| 383 | | | (!CMP_ADDRESS (&tmp->bssid, &si->bssid)))) {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
/* CMP_ADDRESS: three-way comparison of two address structs, ordering by
 * type, then len, and only when both match by memcmp() of the data bytes
 * over (addr1)->len. Evaluates to 0 for equal addresses, so the caller's
 * !CMP_ADDRESS(a, b) is true on a match. Both arguments are expanded
 * several times and dereferenced unconditionally, so they must be
 * side-effect free and non-NULL. */
78 | #define CMP_ADDRESS(addr1, addr2) \ |
79 | ( ((addr1)->type > (addr2)->type)?1: \ |
80 | ((addr1)->type < (addr2)->type)?-1: \ |
81 | ((addr1)->len > (addr2)->len) ?1: \ |
82 | ((addr1)->len < (addr2)->len) ?-1: \ |
83 | memcmp((addr1)->data, (addr2)->data, (addr1)->len)\ |
84 | ) |
| |
|
| 384 | | | te = tmp; |
| 385 | | | break; |
| 386 | | | } |
| 387 | | | } |
| 388 | | | |
| 389 | | | if (!te) { |
Event 6:
Taking true branch. te evaluates to false.
|
|
| 390 | [+] | | if ((te = alloc_wlan_ep (si, pinfo))) { |
 |
| 391 | | | te->next = hs->ep_list; |
| 392 | | | hs->ep_list = te; |
| 393 | | | } |
| 394 | | | } |
| 395 | | | |
| 396 | | | if (!te->probe_req_searched && (si->type != 0x04) && (te->type[0x04] == 0) && |
Null Pointer Dereference
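te is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 11 (inside the collapsed [+] call on line 390; not shown in this excerpt). On this path the loop found no matching entry, so te is still NULL at line 389. The test on line 390 guards only the list insertion on lines 391-392, so te stays NULL if alloc_wlan_ep() returns NULL. Line 396 then reads te->probe_req_searched with no NULL check; te needs to be checked (or the function needs to return) before that line.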
|
| |