(/home/sate/Testcases/c/cve/wireshark-1.2.0/tools/lemon/lemon.c) |
| |
| 1387 | | | PRIVATE char* |
| 1388 | | | make_basename(char* fullname) |
| 1389 | | | { |
| 1390 | | | char *cp; |
| 1391 | | | char *new_string; |
| 1392 | | | |
| 1393 | | | |
| 1394 | | | cp = strrchr(fullname, '/'); |
| 1395 | | | |
| 1396 | | | #ifdef WIN32 |
| 1397 | | | |
| 1398 | | | |
| 1399 | | | if (!cp) |
| 1400 | | | cp = strrchr(fullname, '\\'); |
| 1401 | | | #endif |
| 1402 | | | |
| 1403 | | | if (!cp) { |
Event 1:
Taking true branch. cp evaluates to false.
hide
|
|
| 1404 | | | new_string = malloc( strlen(fullname) ); |
Event 2:
malloc() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 3:
new_string is set to malloc(strlen(fullname)), which evaluates to NULL. See related event 2.
hide
|
|
| 1405 | | | strcpy(new_string, fullname); |
Event 4:
new_string, which evaluates to NULL, is passed to strcpy() as the first argument. See related event 3.
hide
Null Pointer Dereference
The body of strcpy() dereferences new_string, but it is NULL. The issue can occur if the highlighted code executes. See related event 4. Show: All events | Only primary events |
|
| |