(/home/sate/Testcases/c/cve/wireshark-1.2.0/gtk/hostlist_table.c) |
| |
| 1236 | | | add_hostlist_table_data(hostlist_table *hl, const address *addr, guint32 port, gboolean sender, int num_frames, int num_bytes, SAT_E sat, int port_type) |
| 1237 | | | { |
| 1238 | | | hostlist_talker_t *talker=NULL; |
| 1239 | | | int talker_idx=0; |
| 1240 | | | gboolean new_talker; |
| 1241 | | | |
| 1242 | | | new_talker=FALSE; |
| 1243 | | | |
| 1244 | | | |
| 1245 | | | |
| 1246 | | | if(hl->hosts==NULL){ |
Event 1:
Taking true branch. hl->hosts == (void *)0 evaluates to true.
hide
|
|
| 1247 | | | hl->hosts=g_malloc(sizeof(hostlist_talker_t)); |
Event 2:
g_malloc is an Undefined Function.
hide
Event 3:
hl->hosts is set to g_malloc(...). - Dereferenced later, causing the null pointer dereference.
hide
|
|
| 1248 | | | hl->num_hosts=1; |
| 1249 | | | talker=&hl->hosts[0]; |
| 1250 | | | talker_idx=0; |
| 1251 | | | new_talker=TRUE; |
Event 5:
!0 evaluates to true.
hide
|
|
| 1252 | | | } |
| 1253 | | | |
| 1254 | | | |
| 1255 | | | if(talker==NULL){ |
Event 6:
Taking true branch. talker == (void *)0 evaluates to true.
hide
Event 7:
Considering the case where hl->hosts is equal to 0. See related events 3 and 4.
hide
|
|
| 1256 | | | guint32 i; |
| 1257 | | | for(i=0;i<hl->num_hosts;i++){ |
Event 8:
Entering loop body. i < hl->num_hosts evaluates to true.
hide
|
|
| 1258 | | | if( (!CMP_ADDRESS(&hl->hosts[i].address, addr))&&(hl->hosts[i].port==port) ){
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/address.h |
| |
78 | #define CMP_ADDRESS(addr1, addr2) \ |
79 | ( ((addr1)->type > (addr2)->type)?1: \ |
80 | ((addr1)->type < (addr2)->type)?-1: \ |
81 | ((addr1)->len > (addr2)->len) ?1: \ |
82 | ((addr1)->len < (addr2)->len) ?-1: \ |
83 | memcmp((addr1)->data, (addr2)->data, (addr1)->len)\ |
84 | ) |
| |
|
Null Pointer Dereference
hl->hosts is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 7. Show: All events | Only primary events |
|
| |