(/home/sate/Testcases/c/cve/wireshark-1.2.0/plugins/wimax/packet-wmx.c) |
| |
| 640 | | | proto_tree *add_tlv_subtree(tlv_info_t *this, gint idx, proto_tree *tree, int hfindex, tvbuff_t *tvb, gint start, gint length, gboolean little_endian) |
| 641 | | | { |
| 642 | | | |
| 643 | | | proto_tree *tlv_tree; |
| 644 | | | proto_item *tlv_item; |
| 645 | | | guint start_of_tlv; |
| 646 | | | gint tlv_value_length, tlv_val_offset; |
| 647 | | | guint8 size_of_tlv_length_field; |
| 648 | | | guint8 tlv_type; |
| 649 | | | guint32 tlv_value; |
| 650 | | | gchar *hex_fmt; |
| 651 | | | |
| 652 | | | UNREFERENCED_PARAMETER(length); |
| 653 | | | |
| 654 | | | |
| 655 | | | tlv_val_offset = get_tlv_value_offset(this); |
| 656 | | | start_of_tlv = start - tlv_val_offset; |
| 657 | | | tlv_value_length = get_tlv_length(this); |
| 658 | | | size_of_tlv_length_field = get_tlv_size_of_length(this); |
| 659 | | | tlv_type = get_tlv_type(this); |
| 660 | | | |
| 661 | | | |
| 662 | [+] | | tlv_item = proto_tree_add_item(tree, hfindex, tvb, start, tlv_value_length, little_endian); |
 |
| 663 | | | |
| 664 | | | tlv_item->finfo->start -= tlv_val_offset; |
Null Pointer Dereference
tlv_item is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 3. Show: All events | Only primary events |
|
| |