(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/sctp_assoc_analyse.c) |
| |
| 918 | | | void sctp_set_assoc_filter(void) |
| 919 | | | { |
| 920 | | | struct sctp_analyse * u_data; |
| 921 | | | |
| 922 | | | |
| 923 | | | if (sctp_stat_get_info()->is_registered == FALSE) |
Event 1:
Skipping " if". sctp_stat_get_info()->is_registered == 0 evaluates to false.
hide
|
|
| 924 | | | register_tap_listener_sctp_stat(); |
| 925 | | | |
| 926 | | | |
| 927 | | | sctp_stat_scan(); |
| 928 | | | u_data = g_malloc(sizeof(struct sctp_analyse)); |
| 929 | | | u_data->assoc = NULL; |
Event 4:
u_data->assoc is set to NULL, where u_data is g_malloc(...) from sctp_assoc_analyse.c:928. - Dereferenced later, causing the null pointer dereference.
See related event 3.
hide
|
|
| 930 | | | u_data->children = NULL; |
| 931 | | | u_data->analyse_nb = NULL; |
| 932 | | | u_data->window = NULL; |
| 933 | | | u_data->num_children = 0; |
| 934 | | | cf_retap_packets(&cfile, FALSE); |
| 935 | | | sctp_analyse_cb(u_data, TRUE); |
Event 5:
!0 evaluates to true.
hide
|
|
| 936 | [+] | | sctp_set_filter(NULL, u_data); |
Event 6:
u_data, which evaluates to g_malloc(...) from sctp_assoc_analyse.c:928, is passed to sctp_set_filter() as the second argument. See related event 3.
hide
|
|
 |
| |