(/home/sate/Testcases/c/cve/wireshark-1.2.0/tap-protohierstat.c) |
| |
| 75 | | | protohierstat_packet(void *prs, packet_info *pinfo, epan_dissect_t *edt, const void *dummy _U_) |
| 76 | | | { |
| 77 | | | phs_t *rs=prs; |
| 78 | | | phs_t *tmprs; |
| 79 | | | proto_tree *tree; |
| 80 | | | field_info *fi; |
| 81 | | | |
| 82 | | | if(!edt){ |
Event 1:
Skipping " if". edt evaluates to true.
hide
|
|
| 83 | | | return 0; |
| 84 | | | } |
| 85 | | | if(!edt->tree){ |
Event 2:
Skipping " if". edt->tree evaluates to true.
hide
|
|
| 86 | | | return 0; |
| 87 | | | } |
| 88 | | | if(!edt->tree->first_child){ |
Event 3:
Skipping " if". edt->tree->first_child evaluates to true.
hide
|
|
| 89 | | | return 0; |
| 90 | | | } |
| 91 | | | |
| 92 | | | for(tree=edt->tree->first_child;tree;tree=tree->next){ |
Event 4:
Entering loop body. tree evaluates to true.
hide
|
|
| 93 | | | fi=PITEM_FINFO(tree); |
| 94 | | | |
| 95 | | | |
| 96 | | | if(rs->protocol==-1){ |
Event 5:
Skipping " if". rs->protocol == -1 evaluates to false.
hide
|
|
| 97 | | | rs->protocol=fi->hfinfo->id; |
| 98 | | | rs->proto_name=fi->hfinfo->abbrev; |
| 99 | | | rs->frames=1; |
| 100 | | | rs->bytes=pinfo->fd->pkt_len; |
| 101 | | | rs->child=new_phs_t(rs); |
| 102 | | | rs=rs->child; |
| 103 | | | continue; |
| 104 | | | } |
| 105 | | | |
| 106 | | | |
| 107 | | | for(tmprs=rs;tmprs;tmprs=tmprs->sibling){ |
Event 6:
Entering loop body. tmprs evaluates to true.
hide
|
|
| 108 | | | if(tmprs->protocol==fi->hfinfo->id){ |
Event 7:
Taking true branch. tmprs->protocol == fi->hfinfo->id evaluates to true.
hide
|
|
| 109 | | | break; |
| 110 | | | } |
| 111 | | | } |
| 112 | | | |
| 113 | | | |
| 114 | | | if(!tmprs){ |
Null Test After Dereference
This code tests the nullness of tmprs, which has already been dereferenced. - If tmprs were null, there would have been a prior null pointer dereference at tap-protohierstat.c:108, and potentially at other locations as well.
- Either this test is redundant, or the earlier dereference(s) should be guarded by a similar test.
The issue can occur if the highlighted code executes. See related event 8. Show: All events | Only primary events |
|
| 115 | | | for(tmprs=rs;tmprs->sibling;tmprs=tmprs->sibling) |
| 116 | | | ; |
| 117 | | | tmprs->sibling=new_phs_t(rs->parent); |
| 118 | | | rs=tmprs->sibling; |
| 119 | | | rs->protocol=fi->hfinfo->id; |
| 120 | | | rs->proto_name=fi->hfinfo->abbrev; |
| 121 | | | } else { |
| 122 | | | rs=tmprs; |
| 123 | | | } |
| 124 | | | |
| 125 | | | rs->frames++; |
| 126 | | | rs->bytes+=pinfo->fd->pkt_len; |
| 127 | | | |
| 128 | | | if(!rs->child){ |
| 129 | | | rs->child=new_phs_t(rs); |
| 130 | | | } |
| 131 | | | rs=rs->child; |
| 132 | | | } |
| 133 | | | return 1; |
| 134 | | | } |
| |