(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-l1-events.c) |
| |
| 55 | | | dissect_l1_events(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) |
| 56 | | | { |
| 57 | | | proto_tree *subtree; |
| 58 | | | proto_item *ti; |
| 59 | | | gint offset = 0, next_offset; |
| 60 | | | gint len; |
| 61 | | | const char *data_name; |
| 62 | | | |
| 63 | | | data_name = pinfo->match_string; |
| 64 | | | if (! (data_name && data_name[0])) { |
Event 1:
Taking true branch. - data_name evaluates to true.
- data_name[0] evaluates to false.
hide
|
|
| 65 | | | |
| 66 | | | |
| 67 | | | |
| 68 | | | data_name = (char *)(pinfo->private_data); |
| 69 | | | if (! (data_name && data_name[0])) { |
Event 2:
Skipping " if". - data_name evaluates to true.
- data_name[0] evaluates to true.
hide
|
|
| 70 | | | |
| 71 | | | |
| 72 | | | |
| 73 | | | data_name = NULL; |
| 74 | | | } |
| 75 | | | } |
| 76 | | | |
| 77 | | | if (check_col(pinfo->cinfo, COL_PROTOCOL)) |
Event 4:
Skipping " if". check_col(...) evaluates to false.
hide
|
|
| 78 | | | col_set_str(pinfo->cinfo, COL_PROTOCOL, "Layer1"); |
| 79 | | | if (check_col(pinfo->cinfo, COL_DEF_SRC)) |
Event 5:
Skipping " if". check_col(...) evaluates to false.
hide
|
|
| 80 | | | col_set_str(pinfo->cinfo, COL_DEF_SRC, |
| 81 | | | pinfo->->l1event.uton? "TE" : "NT"); |
| 82 | | | if (check_col(pinfo->cinfo, COL_INFO)) { |
Event 6:
Skipping " if". check_col(...) evaluates to false.
hide
|
|
| 83 | | | len = tvb_find_line_end(tvb, 0, |
| 84 | | | tvb_ensure_length_remaining(tvb, 0), |
| 85 | | | &next_offset, FALSE); |
| 86 | | | if(len>0) |
| 87 | | | col_set_str(pinfo->cinfo, COL_INFO, |
| 88 | | | tvb_format_text(tvb, 0, len)); |
| 89 | | | } |
| 90 | | | if (tree) { |
Event 7:
Taking true branch. tree evaluates to true.
hide
|
|
| 91 | | | ti = proto_tree_add_item(tree, proto_l1_events, |
| 92 | | | tvb, 0, -1, FALSE); |
| 93 | | | if (data_name) |
Null Test After Dereference
This code tests the nullness of data_name, which has already been dereferenced. - If data_name were null, there would have been a prior null pointer dereference at packet-l1-events.c:69, and potentially at other locations as well.
- Either this test is redundant, or the earlier dereference(s) should be guarded by a similar test.
The issue can occur if the highlighted code executes. See related event 3. Show: All events | Only primary events |
|
| 94 | | | proto_item_append_text(ti, ": %s", data_name); |
| 95 | | | subtree = proto_item_add_subtree(ti, ett_l1_events); |
| 96 | | | |
| 97 | | | while (tvb_reported_length_remaining(tvb, offset) != 0) { |
| 98 | | | |
| 99 | | | |
| 100 | | | |
| 101 | | | |
| 102 | | | |
| 103 | | | |
| 104 | | | |
| 105 | | | |
| 106 | | | |
| 107 | | | len = tvb_find_line_end(tvb, offset, |
| 108 | | | tvb_ensure_length_remaining(tvb, offset), |
| 109 | | | &next_offset, FALSE); |
| 110 | | | if (len == -1) |
| 111 | | | break; |
| 112 | | | |
| 113 | | | |
| 114 | | | |
| 115 | | | |
| 116 | | | |
| 117 | | | proto_tree_add_text(subtree, tvb, offset, next_offset - offset, |
| 118 | | | "%s", tvb_format_text(tvb, offset, |
| 119 | | | next_offset - offset)); |
| 120 | | | offset = next_offset; |
| 121 | | | } |
| 122 | | | } |
| 123 | | | } |
| |