(/home/sate/Testcases/c/cve/wireshark-1.2.0/tools/lemon/lemon.c) |
| |
| 1387 | | | PRIVATE char* |
| 1388 | | | make_basename(char* fullname) |
| 1389 | | | { |
| 1390 | | | char *cp; |
| 1391 | | | char *new_string; |
| 1392 | | | |
| 1393 | | | |
| 1394 | | | cp = strrchr(fullname, '/'); |
| 1395 | | | |
| 1396 | | | #ifdef WIN32 |
| 1397 | | | |
| 1398 | | | |
| 1399 | | | if (!cp) |
| 1400 | | | cp = strrchr(fullname, '\\'); |
| 1401 | | | #endif |
| 1402 | | | |
| 1403 | | | if (!cp) { |
Event 1:
Taking false branch. cp evaluates to true.
hide
|
|
| 1404 | | | new_string = malloc( strlen(fullname) ); |
| 1405 | | | strcpy(new_string, fullname); |
| 1406 | | | } |
| 1407 | | | else { |
| 1408 | | | |
| 1409 | | | cp++; |
| 1410 | | | new_string = malloc( strlen(cp) ); |
Event 2:
malloc() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 3:
new_string is set to malloc(strlen(cp)), which evaluates to NULL. See related event 2.
hide
|
|
| 1411 | | | strcpy(new_string, cp); |
Event 4:
new_string, which evaluates to NULL, is passed to strcpy() as the first argument. See related event 3.
hide
Null Pointer Dereference
The body of strcpy() dereferences new_string, but it is NULL. The issue can occur if the highlighted code executes. See related event 4. Show: All events | Only primary events |
|
| |