(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ipmi.c) |
| |
| 771 | | | ipmi_add_timestamp(proto_tree *tree, gint hf, tvbuff_t *tvb, guint offset) |
| 772 | | | { |
| 773 | [+] | | guint32 ts = tvb_get_letohl(tvb, offset); |
 |
| 774 | | | guint32 d, h, m, s; |
| 775 | | | char buf[64]; |
| 776 | | | |
| 777 | | | if (ts == 0xffffffff) { |
Event 1:
Taking false branch. ts == 4294967295 evaluates to false.
hide
|
|
| 778 | | | proto_tree_add_uint_format_value(tree, hf, tvb, offset, 4, |
| 779 | | | ts, "Unspecified/Invalid"); |
| 780 | | | } else if (ts <= 0x20000000) { |
Event 2:
Taking false branch. ts <= 536870912 evaluates to false.
hide
|
|
| 781 | | | s = ts % 60; |
| 782 | | | m = ts / 60; |
| 783 | | | h = m / 60; |
| 784 | | | m %= 60; |
| 785 | | | d = h / 24; |
| 786 | | | h %= 24; |
| 787 | | | proto_tree_add_uint_format_value(tree, hf, tvb, offset, 4, |
| 788 | | | ts, "%d days, %02d:%02d:%02d since SEL device's initialization", |
| 789 | | | d, h, m, s); |
| 790 | | | } else { |
| 791 | | | time_t t = ts; |
| 792 | | | strftime(buf, sizeof(buf), "%F %T", gmtime(&t)); |
Event 3:
gmtime() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 4:
gmtime(&t), which evaluates to NULL, is passed to strftime() as the fourth argument. See related event 3.
hide
Null Pointer Dereference
The body of strftime() dereferences gmtime(&t), but it is NULL. The issue can occur if the highlighted code executes. See related event 4. Show: All events | Only primary events |
|
| |