(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-dmp.c) |
| |
| 1126 | | | static void register_dmp_id (packet_info *pinfo, guint8 reason) |
| 1127 | | | { |
| 1128 | | | dmp_id_val *dmp_data = NULL, *pkg_data = NULL; |
| 1129 | | | dmp_id_key *dmp_key = NULL; |
| 1130 | | | nstime_t msg_time = { 0, 0 }; |
| 1131 | | | guint msg_id = 0; |
| 1132 | | | |
| 1133 | | | if (pinfo->in_error_pkt) { |
Event 1:
Skipping " if". pinfo->in_error_pkt evaluates to false.
|
|
| 1134 | | | |
| 1135 | | | return; |
| 1136 | | | } |
| 1137 | | | |
| 1138 | | | dmp_key = se_alloc (sizeof (dmp_id_key)); |
| 1139 | | | |
| 1140 | | | if (!pinfo->fd->flags.visited && |
Event 2:
Skipping " if". pinfo->fd->flags.visited evaluates to true.
|
|
| 1141 | | | (dmp.msg_type == REPORT || dmp.msg_type == NOTIF)) |
| 1142 | | | { |
| 1143 | | | |
| 1144 | | | dmp_key->id = (guint) dmp.subj_id; |
| 1145 | | | SE_COPY_ADDRESS(&dmp_key->src, &(pinfo->dst));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
116 | #define SE_COPY_ADDRESS(to, from) { \ |
117 | guint8 *SE_COPY_ADDRESS_data; \ |
118 | (to)->type = (from)->type; \ |
119 | (to)->len = (from)->len; \ |
120 | SE_COPY_ADDRESS_data = se_alloc((from)->len); \ |
121 | memcpy(SE_COPY_ADDRESS_data, (from)->data, (from)->len); \ |
122 | (to)->data = SE_COPY_ADDRESS_data; \ |
123 | } |
| |
|
| 1146 | | | SE_COPY_ADDRESS(&dmp_key->dst, &(pinfo->src));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
116 | #define SE_COPY_ADDRESS(to, from) { \ |
117 | guint8 *SE_COPY_ADDRESS_data; \ |
118 | (to)->type = (from)->type; \ |
119 | (to)->len = (from)->len; \ |
120 | SE_COPY_ADDRESS_data = se_alloc((from)->len); \ |
121 | memcpy(SE_COPY_ADDRESS_data, (from)->data, (from)->len); \ |
122 | (to)->data = SE_COPY_ADDRESS_data; \ |
123 | } |
| |
|
| 1147 | | | |
| 1148 | | | dmp_data = (dmp_id_val *) g_hash_table_lookup (dmp_id_hash_table, dmp_key); |
| 1149 | | | |
| 1150 | | | if (dmp_data) { |
| 1151 | | | |
| 1152 | | | if (dmp_data->prev_msg_id > 0) { |
| 1153 | | | msg_id = dmp_data->prev_msg_id; |
| 1154 | | | } else { |
| 1155 | | | msg_id = dmp_data->msg_id; |
| 1156 | | | } |
| 1157 | | | msg_time = dmp_data->msg_time; |
| 1158 | | | } |
| 1159 | | | } |
| 1160 | | | |
| 1161 | | | if (dmp.msg_type == ACK) { |
Event 3:
Taking false branch. dmp.msg_type == 4 evaluates to false.
|
|
| 1162 | | | dmp_key->id = (guint) dmp.subj_id; |
| 1163 | | | SE_COPY_ADDRESS(&dmp_key->src, &(pinfo->dst));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
116 | #define SE_COPY_ADDRESS(to, from) { \ |
117 | guint8 *SE_COPY_ADDRESS_data; \ |
118 | (to)->type = (from)->type; \ |
119 | (to)->len = (from)->len; \ |
120 | SE_COPY_ADDRESS_data = se_alloc((from)->len); \ |
121 | memcpy(SE_COPY_ADDRESS_data, (from)->data, (from)->len); \ |
122 | (to)->data = SE_COPY_ADDRESS_data; \ |
123 | } |
| |
|
| 1164 | | | SE_COPY_ADDRESS(&dmp_key->dst, &(pinfo->src));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
116 | #define SE_COPY_ADDRESS(to, from) { \ |
117 | guint8 *SE_COPY_ADDRESS_data; \ |
118 | (to)->type = (from)->type; \ |
119 | (to)->len = (from)->len; \ |
120 | SE_COPY_ADDRESS_data = se_alloc((from)->len); \ |
121 | memcpy(SE_COPY_ADDRESS_data, (from)->data, (from)->len); \ |
122 | (to)->data = SE_COPY_ADDRESS_data; \ |
123 | } |
| |
|
| 1165 | | | } else { |
| 1166 | | | dmp_key->id = (guint) dmp.msg_id; |
| 1167 | | | SE_COPY_ADDRESS(&dmp_key->src, &(pinfo->src));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
116 | #define SE_COPY_ADDRESS(to, from) { \ |
117 | guint8 *SE_COPY_ADDRESS_data; \ |
118 | (to)->type = (from)->type; \ |
119 | (to)->len = (from)->len; \ |
120 | SE_COPY_ADDRESS_data = se_alloc((from)->len); \ |
121 | memcpy(SE_COPY_ADDRESS_data, (from)->data, (from)->len); \ |
122 | (to)->data = SE_COPY_ADDRESS_data; \ |
123 | } |
| |
|
| 1168 | | | SE_COPY_ADDRESS(&dmp_key->dst, &(pinfo->dst));
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
116 | #define SE_COPY_ADDRESS(to, from) { \ |
117 | guint8 *SE_COPY_ADDRESS_data; \ |
118 | (to)->type = (from)->type; \ |
119 | (to)->len = (from)->len; \ |
120 | SE_COPY_ADDRESS_data = se_alloc((from)->len); \ |
121 | memcpy(SE_COPY_ADDRESS_data, (from)->data, (from)->len); \ |
122 | (to)->data = SE_COPY_ADDRESS_data; \ |
123 | } |
| |
|
| 1169 | | | } |
| 1170 | | | |
| 1171 | | | dmp_data = (dmp_id_val *) g_hash_table_lookup (dmp_id_hash_table, dmp_key); |
| 1172 | | | |
| 1173 | | | if (!pinfo->fd->flags.visited) { |
Event 5:
Taking false branch. pinfo->fd->flags.visited evaluates to true.
|
|
| 1174 | | | if (dmp_data) { |
| 1175 | | | if (dmp.msg_type == ACK) { |
| 1176 | | | |
| 1177 | | | if (reason == 0) { |
| 1178 | | | if (dmp_data->ack_id == 0) { |
| 1179 | | | |
| 1180 | | | dmp_data->ack_id = pinfo->fd->num; |
| 1181 | | | } else { |
| 1182 | | | |
| 1183 | | | dmp_data->ack_resend_count++; |
| 1184 1214 |  | | [ Lines 1184 to 1214 omitted. ] |
| 1215 | | | dmp_data->msg_id = pinfo->fd->num; |
| 1216 | | | } |
| 1217 | | | |
| 1218 | | | g_hash_table_insert (dmp_id_hash_table, dmp_key, dmp_data); |
| 1219 | | | } |
| 1220 | | | } |
| 1221 | | | |
| 1222 | | | pkg_data = se_alloc (sizeof (dmp_id_val)); |
| 1223 | | | *pkg_data = *dmp_data; |
| 1224 | | | p_add_proto_data (pinfo->fd, proto_dmp, pkg_data); |
| 1225 | | | } else { |
| 1226 | | | |
| 1227 | [+] | | pkg_data = p_get_proto_data (pinfo->fd, proto_dmp); |
 |
| 1228 | | | |
| 1229 | | | if (dmp_data && dmp.msg_type != ACK && pkg_data->ack_id == 0) { |
Event 10:
- dmp_data evaluates to true.
- dmp.msg_type != 4 evaluates to true.
Null Pointer Dereference
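pkg_data is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 9. On this path pkg_data was assigned from p_get_proto_data() on line 1227, and the condition on line 1229 reads pkg_data->ack_id with no NULL check in between; testing pkg_data before that read (for example, adding `pkg_data &&` to the condition) would avoid the dereference.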
|
| |