(/home/sate/Testcases/c/cve/wireshark-1.2.0/plugins/irda/packet-irda.c) |
| |
| 1224 | | | void add_lmp_conversation(packet_info* pinfo, guint8 dlsap, gboolean ttp, dissector_t proto_dissector) |
| 1225 | | | { |
| 1226 | | | guint8 dest; |
| 1227 | | | address srcaddr; |
| 1228 | | | address destaddr; |
| 1229 | | | conversation_t* conv; |
| 1230 | | | lmp_conversation_t* lmp_conv = NULL; |
| 1231 | | | |
| 1232 | | | |
| 1233 | | | |
| 1234 | | | srcaddr.type = AT_NONE; |
| 1235 | | | srcaddr.len = 1; |
| 1236 | | | srcaddr.data = (guint8*)&pinfo->circuit_id; |
| 1237 | | | |
| 1238 | | | dest = pinfo->circuit_id ^ CMD_FRAME; |
| 1239 | | | destaddr.type = AT_NONE; |
| 1240 | | | destaddr.len = 1; |
| 1241 | | | destaddr.data = (guint8*)&dest; |
| 1242 | | | |
| 1243 | [+] | | conv = find_conversation(pinfo->fd->num, &destaddr, &srcaddr, PT_NONE, dlsap, 0, NO_PORT_B); |
 |
| 1244 | | | if (conv) |
Event 11:
Taking true branch. conv evaluates to true.
hide
|
|
| 1245 | | | { |
| 1246 | [+] | | lmp_conv = (lmp_conversation_t*)conversation_get_proto_data(conv, proto_irlmp); |
 |
| 1247 | | | while (1) |
Event 16:
Entering loop body. 1 evaluates to true.
hide
|
|
| 1248 | | | { |
| 1249 | | | |
| 1250 | | | if (lmp_conv->iap_result_frame == pinfo->fd->num) |
Null Pointer Dereference
lmp_conv is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 15. Show: All events | Only primary events |
|
| |