(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/conversations_table.c) |
| |
| 1615 | | | add_conversation_table_data(conversations_table *ct, const address *src, const address *dst, guint32 src_port, guint32 dst_port, int num_frames, int num_bytes, nstime_t *ts, SAT_E sat, int port_type) |
| 1616 | | | { |
| 1617 | | | const address *addr1, *addr2; |
| 1618 | | | guint32 port1, port2; |
| 1619 | | | conv_t *conversation=NULL; |
| 1620 | | | int conversation_idx=0; |
| 1621 | | | gboolean new_conversation; |
| 1622 | | | |
| 1623 | | | if(src_port>dst_port){ |
Event 1:
Taking true branch. src_port > dst_port evaluates to true.
|
|
| 1624 | | | addr1=src; |
| 1625 | | | addr2=dst; |
| 1626 | | | port1=src_port; |
| 1627 | | | port2=dst_port; |
| 1628 | | | } else if(src_port<dst_port){ |
| 1629 | | | addr2=src; |
| 1630 | | | addr1=dst; |
| 1631 | | | port2=src_port; |
| 1632 | | | port1=dst_port; |
| 1633 | | | } else if(CMP_ADDRESS(src, dst)<0){
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
78 | #define CMP_ADDRESS(addr1, addr2) \ |
79 | ( ((addr1)->type > (addr2)->type)?1: \ |
80 | ((addr1)->type < (addr2)->type)?-1: \ |
81 | ((addr1)->len > (addr2)->len) ?1: \ |
82 | ((addr1)->len < (addr2)->len) ?-1: \ |
83 | memcmp((addr1)->data, (addr2)->data, (addr1)->len)\ |
84 | ) |
| |
|
| 1634 | | | addr1=src; |
| 1635 | | | addr2=dst; |
| 1636 | | | port1=src_port; |
| 1637 | | | port2=dst_port; |
| 1638 | | | } else { |
| 1639 | | | addr2=src; |
| 1640 | | | addr1=dst; |
| 1641 | | | port2=src_port; |
| 1642 | | | port1=dst_port; |
| 1643 | | | } |
| 1644 | | | |
| 1645 | | | |
| 1646 | | | new_conversation=FALSE; |
| 1647 | | | |
| 1648 | | | |
| 1649 | | | |
| 1650 | | | if(ct->conversations==NULL){ |
Event 2:
Taking true branch. ct->conversations == (void *)0 evaluates to true.
|
|
| 1651 | | | ct->conversations=g_malloc(sizeof(conv_t)); |
Event 3:
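g_malloc is an Undefined Function: the analyzer has no definition for it, so the trace treats its return value as possibly NULL (see event 8). Triage note: GLib documents g_malloc as terminating the program when allocation fails and returning NULL only for a zero-byte request, so this path is feasible only if sizeof(conv_t) could be zero.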
Event 4:
ct->conversations is set to g_malloc(sizeof( conv_t )). It is dereferenced later, causing the null pointer dereference.
|
|
| 1652 | | | ct->num_conversations=1; |
| 1653 | | | conversation=&ct->conversations[0]; |
Event 5:
conversation is set to ct->conversations, which evaluates to g_malloc(sizeof( conv_t )) from conversations_table.c:1651. See related event 4.
|
|
| 1654 | | | conversation_idx=0; |
| 1655 | | | new_conversation=TRUE; |
Event 6:
!0 evaluates to true.
|
|
| 1656 | | | } |
| 1657 | | | |
| 1658 | | | |
| 1659 | | | if(conversation==NULL){ |
Event 7:
Taking true branch. conversation == (void *)0 evaluates to true.
Event 8:
Considering the case where ct->conversations is equal to 0. See related events 4 and 5.
|
|
| 1660 | | | guint32 i; |
| 1661 | | | for(i=0;i<ct->num_conversations;i++){ |
Event 9:
Entering loop body. i < ct->num_conversations evaluates to true.
|
|
| 1662 | | | if( (!CMP_ADDRESS(&ct->conversations[i].src_address, addr1))&&(!CMP_ADDRESS(&ct->conversations[i].dst_address, addr2))&&(ct->conversations[i].src_port==port1)&&(ct->conversations[i].dst_port==port2) ){
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
78 | #define CMP_ADDRESS(addr1, addr2) \ |
79 | ( ((addr1)->type > (addr2)->type)?1: \ |
80 | ((addr1)->type < (addr2)->type)?-1: \ |
81 | ((addr1)->len > (addr2)->len) ?1: \ |
82 | ((addr1)->len < (addr2)->len) ?-1: \ |
83 | memcmp((addr1)->data, (addr2)->data, (addr1)->len)\ |
84 | ) |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
78 | #define CMP_ADDRESS(addr1, addr2) \ |
79 | ( ((addr1)->type > (addr2)->type)?1: \ |
80 | ((addr1)->type < (addr2)->type)?-1: \ |
81 | ((addr1)->len > (addr2)->len) ?1: \ |
82 | ((addr1)->len < (addr2)->len) ?-1: \ |
83 | memcmp((addr1)->data, (addr2)->data, (addr1)->len)\ |
84 | ) |
| |
|
Null Pointer Dereference
ct->conversations is dereferenced here, but it is NULL on the path traced by events 1-9. The issue can occur if the highlighted code executes. See related event 8.
|
| |