(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ff.c) |
| |
| 13165 | | | dissect_ff_msg_hdr_srv(tvbuff_t *tvb, |
| 13166 | | | gint offset, proto_tree *tree, guint8 proto_and_type, guint8 service) |
| 13167 | | | { |
| 13168 | | | proto_tree *sub_tree = NULL; |
| 13169 | | | proto_item *ti = NULL; |
| 13170 | | | |
| 13171 | | | if(!tree) { |
Event 1:
Skipping " if". tree evaluates to true.
hide
|
|
| 13172 | | | return; |
| 13173 | | | } |
| 13174 | | | |
| 13175 | [+] | | ti = proto_tree_add_text(tree, tvb, offset, 1, "Service: 0x%02x", service); |
 |
| 13176 | | | sub_tree = proto_item_add_subtree(ti, ett_ff_fda_msg_hdr_srv); |
| 13177 | | | |
| 13178 | | | if(!sub_tree) { |
Event 12:
Skipping " if". sub_tree evaluates to true.
hide
|
|
| 13179 | | | return; |
| 13180 | | | } |
| 13181 | | | |
| 13182 | | | |
| 13183 | | | proto_tree_add_text(sub_tree, tvb, offset, 1, "%s (%u)", |
| 13184 | | | decode_boolean_bitfield(service, SERVICE_CONFIRMED_FLAG_MASK, 8, |
| 13185 | | | "Confirmed Flag: Confirmed", |
| 13186 | | | "Confirmed Flag: Unconfirmed"), |
| 13187 | | | (service & SERVICE_CONFIRMED_FLAG_MASK) >> 7); |
| 13188 | | | |
| 13189 | | | |
| 13190 | | | switch(proto_and_type & PROTOCOL_MASK) { |
Event 13:
proto_and_type & 252 evaluates to 4.
hide
|
|
| 13191 | | | case PROTOCOL_FDA: |
| 13192 | | | if(service & SERVICE_CONFIRMED_FLAG_MASK) { |
Event 14:
Taking false branch. service & 128 evaluates to false.
hide
|
|
| 13193 | | | proto_tree_add_text(sub_tree, tvb, offset, 1, "%s (%u)", |
| 13194 | | | decode_enumerated_bitfield(service, |
| 13195 | | | SERVICE_SERVICE_ID_MASK, 8, |
| 13196 | | | names_fda_confirmed, "Service Id: %s"), |
| 13197 | | | service & SERVICE_SERVICE_ID_MASK); |
| 13198 | | | } else { |
| 13199 | | | proto_tree_add_text(sub_tree, tvb, offset, 1, "%s (%u)", |
| 13200 | | | decode_enumerated_bitfield(service, |
| 13201 | | | SERVICE_SERVICE_ID_MASK, 8, |
| 13202 | [+] | | names_fda_unconfirmed, "Service Id: %s"), |
Event 15:
names_fda_unconfirmed is passed to decode_enumerated_bitfield() as the fourth argument. - This points to the buffer that will be overrun later.
hide
|
|
 |
| 13203 | | | service & SERVICE_SERVICE_ID_MASK); |
| |