(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/rtp_analysis.c) |
| |
| 2248 | | | static gboolean copy_file(gchar *dest, gint channels, gint format, user_data_t *user_data) |
| 2249 | | | { |
| 2250 | | | FILE *to_stream, *forw_stream, *rev_stream; |
| 2251 | | | size_t fwritten, rwritten; |
| 2252 | | | int f_rawvalue, r_rawvalue, rawvalue; |
| 2253 | | | gint16 sample; |
| 2254 | | | gchar pd[4]; |
| 2255 | | | guint32 f_write_silence = 0; |
| 2256 | | | guint32 r_write_silence = 0; |
| 2257 | | | progdlg_t *progbar; |
| 2258 | | | guint32 progbar_count, progbar_quantum, progbar_nextstep = 0, count = 0; |
| 2259 | | | gboolean stop_flag = FALSE; |
| 2260 | | | size_t nchars; |
| 2261 | | | |
| 2262 | | | forw_stream = ws_fopen(user_data->f_tempname, "rb"); |
| 2263 | | | if (forw_stream == NULL) |
Event 1:
Skipping " if". forw_stream == (void *)0 evaluates to false.
hide
|
|
| 2264 | | | return FALSE; |
| 2265 | | | rev_stream = ws_fopen(user_data->r_tempname, "rb"); |
| 2266 | | | if (rev_stream == NULL) { |
Event 2:
Skipping " if". rev_stream == (void *)0 evaluates to false.
hide
|
|
| 2267 | | | fclose(forw_stream); |
| 2268 | | | return FALSE; |
| 2269 | | | } |
| 2270 | | | |
| 2271 | | | |
| 2272 | | | to_stream = ws_fopen(dest, "wb"); |
| 2273 | | | if (to_stream == NULL) { |
Event 3:
Skipping " if". to_stream == (void *)0 evaluates to false.
hide
|
|
| 2274 | | | fclose(forw_stream); |
| 2275 | | | fclose(rev_stream); |
| 2276 | | | return FALSE; |
| 2277 | | | } |
| 2278 | | | |
| 2279 | [+] | | progbar = create_progress_dlg("Saving voice in a file", dest, TRUE, &stop_flag); |
Event 4:
!0 evaluates to true.
hide
|
|
 |
| 2280 | | | |
| 2281 | | | if (format == SAVE_AU_FORMAT) |
Event 155:
Taking true branch. format == 2 evaluates to true.
hide
|
|
| 2282 | | | { |
| 2283 | | | |
| 2284 | | | |
| 2285 | | | phtonl(pd, 0x2e736e64);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
90 | #define phtonl(p, v) \ |
91 | { \ |
92 | ((guint8*)(p))[0] = (guint8)((v) >> 24); \ |
93 | ((guint8*)(p))[1] = (guint8)((v) >> 16); \ |
94 | ((guint8*)(p))[2] = (guint8)((v) >> 8); \ |
95 | ((guint8*)(p))[3] = (guint8)((v) >> 0); \ |
96 | } |
| |
|
| 2286 | | | nchars=fwrite(pd, 1, 4, to_stream); |
| 2287 | | | |
| 2288 | | | phtonl(pd, 24);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
90 | #define phtonl(p, v) \ |
91 | { \ |
92 | ((guint8*)(p))[0] = (guint8)((v) >> 24); \ |
93 | ((guint8*)(p))[1] = (guint8)((v) >> 16); \ |
94 | ((guint8*)(p))[2] = (guint8)((v) >> 8); \ |
95 | ((guint8*)(p))[3] = (guint8)((v) >> 0); \ |
96 | } |
| |
|
| 2289 | | | nchars=fwrite(pd, 1, 4, to_stream); |
| 2290 | | | |
| 2291 | | | phtonl(pd, -1);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
90 | #define phtonl(p, v) \ |
91 | { \ |
92 | ((guint8*)(p))[0] = (guint8)((v) >> 24); \ |
93 | ((guint8*)(p))[1] = (guint8)((v) >> 16); \ |
94 | ((guint8*)(p))[2] = (guint8)((v) >> 8); \ |
95 | ((guint8*)(p))[3] = (guint8)((v) >> 0); \ |
96 | } |
| |
|
| 2292 | | | nchars=fwrite(pd, 1, 4, to_stream); |
| 2293 | | | |
| 2294 | | | phtonl(pd, 3);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
90 | #define phtonl(p, v) \ |
91 | { \ |
92 | ((guint8*)(p))[0] = (guint8)((v) >> 24); \ |
93 | ((guint8*)(p))[1] = (guint8)((v) >> 16); \ |
94 | ((guint8*)(p))[2] = (guint8)((v) >> 8); \ |
95 | ((guint8*)(p))[3] = (guint8)((v) >> 0); \ |
96 | } |
| |
|
| 2295 | | | nchars=fwrite(pd, 1, 4, to_stream); |
| 2296 | | | |
| 2297 | | | phtonl(pd, 8000);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
90 | #define phtonl(p, v) \ |
91 | { \ |
92 | ((guint8*)(p))[0] = (guint8)((v) >> 24); \ |
93 | ((guint8*)(p))[1] = (guint8)((v) >> 16); \ |
94 | ((guint8*)(p))[2] = (guint8)((v) >> 8); \ |
95 | ((guint8*)(p))[3] = (guint8)((v) >> 0); \ |
96 | } |
| |
|
| 2298 | | | nchars=fwrite(pd, 1, 4, to_stream); |
| 2299 | | | |
| 2300 | | | phtonl(pd, 1);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
90 | #define phtonl(p, v) \ |
91 | { \ |
92 | ((guint8*)(p))[0] = (guint8)((v) >> 24); \ |
93 | ((guint8*)(p))[1] = (guint8)((v) >> 16); \ |
94 | ((guint8*)(p))[2] = (guint8)((v) >> 8); \ |
95 | ((guint8*)(p))[3] = (guint8)((v) >> 0); \ |
96 | } |
| |
|
| 2301 | | | nchars=fwrite(pd, 1, 4, to_stream); |
| 2302 | | | |
| 2303 | | | |
| 2304 | | | switch (channels) { |
Event 156:
channels evaluates to 3.
hide
|
|
| 2305 | | | |
| 2306 | | | case SAVE_FORWARD_DIRECTION_MASK: { |
| 2307 | | | progbar_count = user_data->forward.saveinfo.count; |
| 2308 | | | progbar_quantum = user_data->forward.saveinfo.count/100; |
| 2309 | | | while ((f_rawvalue = getc(forw_stream)) != EOF) { |
| 2310 | | | if(stop_flag) |
| 2311 | | | break; |
| 2312 | | | if((count > progbar_nextstep) && (count <= progbar_count)) { |
| 2313 | | | update_progress_dlg(progbar, |
| 2314 | | | (gfloat) count/progbar_count, "Saving"); |
| 2315 2377 |  | | [ Lines 2315 to 2377 omitted. ] |
| 2378 | | | fclose(forw_stream); |
| 2379 | | | fclose(rev_stream); |
| 2380 | | | fclose(to_stream); |
| 2381 | | | destroy_progress_dlg(progbar); |
| 2382 | | | return FALSE; |
| 2383 | | | } |
| 2384 | | | } |
| 2385 | | | break; |
| 2386 | | | } |
| 2387 | | | |
| 2388 | | | case SAVE_BOTH_DIRECTION_MASK: {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/rtp_analysis.c |
| |
259 | #define SAVE_BOTH_DIRECTION_MASK (SAVE_FORWARD_DIRECTION_MASK|SAVE_REVERSE_DIRECTION_MASK) |
| |
|
| 2389 | | | (user_data->forward.saveinfo.count > user_data->reversed.saveinfo.count) ? |
Event 157:
user_data->forward.saveinfo.count > user_data->reversed.saveinfo.count evaluates to true.
hide
|
|
| 2390 | | | (progbar_count = user_data->forward.saveinfo.count) : |
| 2391 | | | (progbar_count = user_data->reversed.saveinfo.count); |
| 2392 | | | progbar_quantum = progbar_count/100; |
| 2393 | | | |
| 2394 | | | |
| 2395 | | | if (user_data->forward.statinfo.start_time > user_data->reversed.statinfo.start_time) { |
Event 158:
Taking false branch. user_data->forward.statinfo.start_time > user_data->reversed.statinfo.start_time evaluates to false.
hide
|
|
| 2396 | | | f_write_silence = (guint32) |
| 2397 | | | ((user_data->forward.statinfo.start_time-user_data->reversed.statinfo.start_time)*8000); |
| 2398 | | | } |
| 2399 | | | else if (user_data->forward.statinfo.start_time < user_data->reversed.statinfo.start_time) { |
Event 159:
Taking true branch. user_data->forward.statinfo.start_time < user_data->reversed.statinfo.start_time evaluates to true.
hide
|
|
| 2400 | | | r_write_silence = (guint32) |
| 2401 | | | ((user_data->reversed.statinfo.start_time-user_data->forward.statinfo.start_time)*8000); |
| 2402 | | | } |
| 2403 | | | for(;;) { |
| 2404 | | | if(stop_flag) |
Event 160:
Skipping " if". stop_flag evaluates to false.
hide
|
|
| 2405 | | | break; |
| 2406 | | | if((count > progbar_nextstep) && (count <= progbar_count)) { |
Event 161:
Skipping " if". count > progbar_nextstep evaluates to false.
hide
|
|
| 2407 | | | update_progress_dlg(progbar, |
| 2408 | | | (gfloat) count/progbar_count, "Saving"); |
| 2409 | | | progbar_nextstep = progbar_nextstep + progbar_quantum; |
| 2410 | | | } |
| 2411 | | | count++; |
| 2412 | | | if(f_write_silence > 0) { |
Event 162:
Taking false branch. f_write_silence > 0 evaluates to false.
hide
|
|
| 2413 | | | r_rawvalue = getc(rev_stream); |
| 2414 | | | switch (user_data->forward.statinfo.reg_pt) { |
| 2415 | | | case PT_PCMU: |
| 2416 | | | f_rawvalue = SILENCE_PCMU; |
| 2417 | | | break; |
| 2418 | | | case PT_PCMA: |
| 2419 | | | f_rawvalue = SILENCE_PCMA; |
| 2420 | | | break; |
| 2421 | | | default: |
| 2422 | | | f_rawvalue = 0; |
| 2423 | | | break; |
| 2424 | | | } |
| 2425 | | | f_write_silence--; |
| 2426 | | | } |
| 2427 | | | else if(r_write_silence > 0) { |
Event 163:
Taking true branch. r_write_silence > 0 evaluates to true.
hide
|
|
| 2428 | | | f_rawvalue = getc(forw_stream); |
Event 164:
getc() returns a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - Determines the value that is cast in the Cast Alters Value warning later.
hide
Event 165:
Considering the case where getc(forw_stream) is at least -1.
hide
Event 166:
Considering the case where getc(forw_stream) is no more than 255.
hide
Event 167:
f_rawvalue is set to getc(forw_stream). See related event 164.
hide
|
|
| 2429 | | | switch (user_data->reversed.statinfo.reg_pt) { |
Event 168:
user_data->reversed.statinfo.reg_pt evaluates to 8.
hide
|
|
| 2430 | | | case PT_PCMU: |
| 2431 | | | r_rawvalue = SILENCE_PCMU; |
| 2432 | | | break; |
| 2433 | | | case PT_PCMA: |
| 2434 | | | r_rawvalue = SILENCE_PCMA; |
| 2435 | | | break; |
| 2436 | | | default: |
| 2437 | | | r_rawvalue = 0; |
| 2438 | | | break; |
| 2439 | | | } |
| 2440 | | | r_write_silence--; |
| 2441 | | | } |
| 2442 | | | else { |
| 2443 | | | f_rawvalue = getc(forw_stream); |
| 2444 | | | r_rawvalue = getc(rev_stream); |
| 2445 | | | } |
| 2446 | | | if ((r_rawvalue == EOF) && (f_rawvalue == EOF)) |
Event 169:
Skipping " if". r_rawvalue == -1 evaluates to false.
hide
|
|
| 2447 | | | break; |
| 2448 | | | if ((user_data->forward.statinfo.pt == PT_PCMU) && (user_data->reversed.statinfo.pt == PT_PCMU)){ |
| 2449 | | | sample = (ulaw2linear((unsigned char)r_rawvalue) + ulaw2linear((unsigned char)f_rawvalue)) / 2; |
Cast Alters Value
f_rawvalue is cast from int to unsigned char. - f_rawvalue could be -1 or lower.
- Negative values cannot be stored as unsigned char. Casting them to unsigned char can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related events 165, 166, and 167. Show: All events | Only primary events |
|
| 2450 | | | phtons(pd, sample);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
84 | #define phtons(p, v) \ |
85 | { \ |
86 | ((guint8*)(p))[0] = (guint8)((v) >> 8); \ |
87 | ((guint8*)(p))[1] = (guint8)((v) >> 0); \ |
88 | } |
| |
|
| 2451 | | | } |
| 2452 | | | else if((user_data->forward.statinfo.pt == PT_PCMA) && (user_data->reversed.statinfo.pt == PT_PCMA)){ |
| 2453 | | | sample = (alaw2linear((unsigned char)r_rawvalue) + alaw2linear((unsigned char)f_rawvalue)) / 2; |
| 2454 | | | phtons(pd, sample);
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/pint.h |
| |
84 | #define phtons(p, v) \ |
85 | { \ |
86 | ((guint8*)(p))[0] = (guint8)((v) >> 8); \ |
87 | ((guint8*)(p))[1] = (guint8)((v) >> 0); \ |
88 | } |
| |
|
| 2455 | | | } |
| 2456 | | | else |
| 2457 | | | { |
| 2458 | | | fclose(forw_stream); |
| 2459 | | | fclose(rev_stream); |
| 2460 | | | fclose(to_stream); |
| 2461 | | | destroy_progress_dlg(progbar); |
| 2462 | | | return FALSE; |
| 2463 | | | } |
| 2464 | | | |
| 2465 | | | |
| 2466 | | | rwritten = fwrite(pd, 1, 2, to_stream); |
| 2467 | | | if (rwritten < 2) { |
| |