(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-wcp.c) |
| |
| 473 | | | static tvbuff_t *wcp_uncompress( tvbuff_t *src_tvb, int offset, packet_info *pinfo, proto_tree *tree) { |
| 474 | | | |
| 475 | | | |
| 476 | | | |
| 477 | | | proto_tree *sub_tree; |
| 478 | | | proto_item *ti; |
| 479 | | | |
| 480 | | | int len=0, i = -1; |
| 481 | | | int cnt = tvb_reported_length( src_tvb)-1; |
| 482 | | | |
| 483 | | | guint8 *dst, *src, *buf_start, *buf_end, *tmp, comp_flag_bits = 0; |
| 484 | | | guint8 src_buf[ MAX_WCP_BUF_LEN]; |
| 485 | | | tvbuff_t *volatile tvb = 0; |
| 486 | | | wcp_window_t *buf_ptr = 0; |
| 487 | | | wcp_pdata_t *volatile pdata_ptr; |
| 488 | | | volatile gboolean bounds_error = FALSE; |
| 489 | | | |
| 490 | | | buf_ptr = get_wcp_window_ptr( pinfo); |
| 491 | | | |
| 492 | | | buf_start = buf_ptr->buffer; |
| 493 | | | buf_end = buf_start + MAX_WIN_BUF_LEN;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-wcp.c |
| |
113 | #define MAX_WIN_BUF_LEN 0x7fff /* storage size for decompressed data */ |
| |
|
| 494 | | | tmp = buf_ptr->buf_cur; |
| 495 | | | |
| 496 | | | if (cnt - offset > MAX_WCP_BUF_LEN) { |
| 497 | | | if (tree) |
| 498 | | | proto_tree_add_text( tree, src_tvb, offset, -1, |
| 499 | | | "Compressed data exceeds maximum buffer length (%d > %d)", |
| 500 | | | cnt - offset, MAX_WCP_BUF_LEN); |
| 501 | | | return NULL; |
| 502 | | | } |
| 503 | | | |
| 504 | | | src = tvb_memcpy(src_tvb, src_buf, offset, cnt - offset); |
| 505 | | | dst = buf_ptr->buf_cur; |
| 506 | | | |
| 507 | | | while( offset++ < cnt){ |
| 508 | | | |
| 509 | | | if ( --i >= 0){ |
| 510 | | | if ( comp_flag_bits & 0x80){ |
| 511 | | | |
| 512 | | | if ( !pinfo->fd->flags.visited){ |
| 513 | | | dst = decompressed_entry( src, dst, &len, buf_start, buf_end); |
| 514 | | | } |
| 515 | | | if ((*src & 0xf0) == 0x10){ |
| 516 | | | if ( tree) { |
| 517 | | | ti = proto_tree_add_item( tree, hf_wcp_long_run, src_tvb, |
| 518 | | | offset-1, 3, 0); |
| 519 | | | sub_tree = proto_item_add_subtree(ti, ett_wcp_field); |
| 520 | | | proto_tree_add_uint(sub_tree, hf_wcp_offset, src_tvb, |
| 521 | | | offset-1, 2, pntohs(src));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
37 | #define pntohs(p) ((guint16) \ |
38 | ((guint16)*((const guint8 *)(p)+0)<<8| \ |
39 | (guint16)*((const guint8 *)(p)+1)<<0)) |
| |
|
| 522 | | | |
| 523 | | | proto_tree_add_item( sub_tree, hf_wcp_long_len, src_tvb, |
| 524 | | | offset+1, 1, pntohs(src));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
37 | #define pntohs(p) ((guint16) \ |
38 | ((guint16)*((const guint8 *)(p)+0)<<8| \ |
39 | (guint16)*((const guint8 *)(p)+1)<<0)) |
| |
|
| 525 | | | } |
| 526 | | | src += 3; |
| 527 | | | offset += 2; |
| 528 | | | }else{ |
| 529 | | | if ( tree) { |
| 530 | | | ti = proto_tree_add_item( tree, hf_wcp_short_run, src_tvb, |
| 531 | | | offset - 1, 2, *src); |
| 532 | | | sub_tree = proto_item_add_subtree(ti, ett_wcp_field); |
| 533 | | | proto_tree_add_item( sub_tree, hf_wcp_short_len, src_tvb, |
| 534 | | | offset-1, 1, *src); |
| 535 | | | proto_tree_add_uint(sub_tree, hf_wcp_offset, src_tvb, |
| 536 | | | offset-1, 2, pntohs(src));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
37 | #define pntohs(p) ((guint16) \ |
38 | ((guint16)*((const guint8 *)(p)+0)<<8| \ |
39 | (guint16)*((const guint8 *)(p)+1)<<0)) |
| |
|
| 537 | | | } |
| 538 | | | src += 2; |
| 539 | | | offset += 1; |
| 540 | | | } |
| 541 | | | }else { |
| 542 | | | if ( !pinfo->fd->flags.visited){ |
| 543 | | | *dst = *src; |
| 544 | | | if ( dst++ == buf_end) |
| 545 | | | dst = buf_start; |
| 546 | | | } |
| 547 | | | ++src; |
| 548 | | | ++len; |
| 549 | | | |
| 550 | | | } |
| 551 | | | |
| 552 | | | if ( len >MAX_WCP_BUF_LEN){ |
| 553 | | | return NULL; |
| 554 | | | } |
| 555 | | | |
| 556 | | | comp_flag_bits <<= 1; |
| 557 | | | |
| 558 | | | }else { |
| 559 | | | |
| 560 | | | comp_flag_bits = *src++; |
| 561 | | | if (tree) |
| 562 | | | proto_tree_add_uint( tree, hf_wcp_comp_bits, src_tvb, offset-1, 1, |
| 563 | | | comp_flag_bits); |
| 564 | | | |
| 565 | | | i = 8; |
| 566 | | | } |
| 567 | | | } |
| 568 | | | |
| 569 | | | if ( pinfo->fd->flags.visited){ |
| 570 | | | |
| 571 | | | pdata_ptr = p_get_proto_data( pinfo->fd, proto_wcp); |
| 572 | | | |
| 573 | | | if ( !pdata_ptr) |
| 574 | | | return NULL; |
| 575 | | | len = pdata_ptr->len; |
| 576 | | | } else { |
| 577 | | | |
| 578 | | | |
| 579 | | | pdata_ptr = se_alloc(sizeof(wcp_pdata_t)); |
| 580 | | | memcpy( &pdata_ptr->buffer, buf_ptr->buf_cur, len); |
| 581 | | | pdata_ptr->len = len; |
| 582 | | | |
| 583 | | | p_add_proto_data( pinfo->fd, proto_wcp, (void*)pdata_ptr); |
| 584 | | | |
| 585 | | | buf_ptr->buf_cur = dst; |
| 586 | | | } |
| 587 | | | |
| 588 | | | |
| 589 | | | TRY {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
176 | #define TRY \ |
177 | {\ |
178 | except_t *exc; \ |
179 | volatile int except_state = 0; \ |
180 | static const except_id_t catch_spec[] = { \ |
181 | { XCEPT_GROUP_WIRESHARK, XCEPT_CODE_ANY } }; \ |
182 | except_try_push(catch_spec, 1, &exc); \ |
183 | \ |
184 | if(except_state & EXCEPT_CAUGHT) \ |
185 | except_state |= EXCEPT_RETHROWN; \ |
186 | except_state &= ~EXCEPT_CAUGHT; \ |
187 | \ |
188 | if (except_state == 0 && exc == 0) \ |
189 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
143 | #define except_try_push(ID, NUM, PPE) \ |
144 | { \ |
145 | struct except_stacknode except_sn; \ |
146 | struct except_catch except_ch; \ |
147 | except_setup_try(&except_sn, &except_ch, ID, NUM); \ |
148 | if (setjmp(except_ch.except_jmp)) \ |
149 | *(PPE) = &except_ch.except_obj; \ |
150 | else \ |
151 | *(PPE) = 0 |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
168 | #define EXCEPT_RETHROWN 2 /* the exception was rethrown from a CATCH |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
| 590 | | | tvb = tvb_new_child_real_data(src_tvb, pdata_ptr->buffer, pdata_ptr->len, pdata_ptr->len); |
Ignored Return Value
The return value of tvb_new_child_real_data() is never checked in the highlighted execution scenario. - If the return value can indicate an error, the error will be ignored if the highlighted code executes.
- The return value of tvb_new_child_real_data() is checked 99% of the time in this project. CodeSonar is configured to enforce Ignored Return Value checks for any function whose return value is checked at least 96% of the time, unless the function is used fewer than 20 times. (To modify these thresholds, use configuration file parameters RETURN_CHECKER_SAMPLE_SIZE and RETURN_CHECKER_RATIO. To exempt tvb_new_child_real_data() from the Ignored Return Value check, use configuration file parameter RETURN_CHECKER_IGNORED_FUNCS).
Show: All events | Only primary events |
|
| 591 | | | } |
| 592 | | | CATCH(BoundsError) {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
202 | #define CATCH(x) \ |
203 | if (except_state == 0 && exc != 0 && exc->except_id.except_code == (x) && \ |
204 | (except_state |= EXCEPT_CAUGHT)) \ |
205 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
Event 2:
Skipping " if". - except_state == 0 evaluates to true.
- exc != 0 evaluates to false.
hide
|
|
| 593 | | | DISSECTOR_ASSERT_NOT_REACHED();
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
131 | #define DISSECTOR_ASSERT_NOT_REACHED() \ |
132 | (REPORT_DISSECTOR_BUG( \ |
133 | ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"", \ |
134 | __FILE__, __LINE__))) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/proto.h |
| |
106 | #define REPORT_DISSECTOR_BUG(message) \ |
107 | ((getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != NULL) ? \ |
108 | abort() : \ |
109 | THROW_MESSAGE(DissectorError, message)) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
226 | #define THROW_MESSAGE(x, y) \ |
227 | except_throw(XCEPT_GROUP_WIRESHARK, (x), (y)) |
| |
|
| 594 | | | } |
| 595 | | | CATCH(ReportedBoundsError) {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
202 | #define CATCH(x) \ |
203 | if (except_state == 0 && exc != 0 && exc->except_id.except_code == (x) && \ |
204 | (except_state |= EXCEPT_CAUGHT)) \ |
205 | /* user's code goes here */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
|
Event 3:
Skipping " if". - except_state == 0 evaluates to true.
- exc != 0 evaluates to false.
hide
|
|
| 596 | | | bounds_error = TRUE; |
| 597 | | | } |
| 598 | | | ENDTRY;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
191 | #define ENDTRY \ |
192 | /* rethrow the exception if necessary */ \ |
193 | if(!(except_state&EXCEPT_CAUGHT) && exc != 0) \ |
194 | except_rethrow(exc); \ |
195 | except_try_pop();\ |
196 | } |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/exceptions.h |
| |
165 | #define EXCEPT_CAUGHT 1 /* exception has been caught, no need to rethrow at |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/except.h |
| |
153 | #define except_try_pop() \ |
154 | except_free(except_ch.except_obj.except_dyndata); \ |
155 | except_pop(); \ |
156 | } |
| |
|
Event 4:
Skipping " if". - except_state & 1 evaluates to false.
- exc != 0 evaluates to false.
hide
|
|
| 599 | | | |
| 600 | | | if (bounds_error) return NULL; |
Event 5:
Taking true branch. bounds_error evaluates to true.
hide
|
|
| 601 | | | |
| 602 | | | |
| 603 | | | add_new_data_source( pinfo, tvb, "Uncompressed WCP"); |
| 604 | | | return tvb; |
| 605 | | | |
| 606 | | | } |
| |