(/home/sate/Testcases/c/cve/wireshark-1.2.0/plugins/mate/mate_runtime.c) |
| |
| 308 | | | static void reanalyze_gop(mate_gop* gop) { |
| 309 | | | LoAL* gog_keys = NULL; |
| 310 | | | AVPL* curr_gogkey = NULL; |
| 311 | | | mate_cfg_gop* gop_cfg = NULL; |
| 312 | | | void* cookie = NULL; |
| 313 | | | AVPL* gogkey_match = NULL; |
| 314 | | | mate_gog* gog = gop->gog; |
| 315 | | | gogkey* gog_key; |
| 316 | | | |
| 317 | | | if ( ! gog ) return; |
Event 1:
Skipping " if". gog evaluates to true.
hide
|
|
| 318 | | | |
| 319 | | | gog->last_time = rd->now; |
| 320 | | | |
| 321 | | | dbg_print (dbg_gog,1,dbg_facility,"reanalize_gop: %s:%d",gop->cfg->name,gop->id); |
| 322 | | | |
| 323 | | | (gop->avpl,gog->avpl,gog->cfg->); |
| 324 | | | |
| 325 | | | |
| 326 | | | |
| 327 | | | |
| 328 | | | |
| 329 | | | |
| 330 | | | |
| 331 | | | if (gog->last_n != gog->avpl->len) { |
Event 2:
Taking true branch. gog->last_n != gog->avpl->len evaluates to true.
hide
|
|
| 332 | | | |
| 333 | | | dbg_print (dbg_gog,2,dbg_facility,"reanalize_gop: gog has new attributes let's look for new keys"); |
| 334 | | | |
| 335 | | | gog_keys = gog->cfg->keys; |
| 336 | | | |
| 337 | | | while (( curr_gogkey = get_next_avpl(gog_keys,&cookie) )) { |
Event 3:
Entering loop body. curr_gogkey = get_next_avpl(...) evaluates to true.
hide
|
|
| 338 | | | gop_cfg = g_hash_table_lookup(mc->gopcfgs,curr_gogkey->name); |
| 339 | | | |
| 340 | | | if (( gogkey_match = new_avpl_exact_match(gop_cfg->name,gog->avpl,curr_gogkey,FALSE) )) { |
Event 5:
Taking true branch. gogkey_match = new_avpl_exact_match(...) evaluates to true.
hide
|
|
| 341 | | | |
| 342 | | | gog_key = g_malloc(sizeof(gogkey)); |
| 343 | | | |
| 344 | | | gog_key->key = avpl_to_str(gogkey_match); |
| 345 | | | delete_avpl(gogkey_match,FALSE); |
| 346 | | | |
| 347 | | | gog_key->cfg = gop_cfg; |
| 348 | | | |
| 349 | | | if (g_hash_table_lookup(gop_cfg->gog_index,gog_key->key)) { |
Event 8:
g_hash_table_lookup is an Undefined Function.
hide
Event 9:
Skipping " if". g_hash_table_lookup(...) evaluates to false.
hide
|
|
| 350 | | | g_free(gog_key->key); |
| 351 | | | g_free(gog_key); |
| 352 | | | gog_key = NULL; |
| 353 | | | } |
| 354 | | | |
| 355 | | | if (! gog_key ) { |
Null Test After Dereference
This code tests the nullness of gog_key, which has already been dereferenced. - If gog_key were null, there would have been a prior null pointer dereference at mate_runtime.c:349, and potentially at other locations as well.
- Either this test is redundant, or the earlier dereference(s) should be guarded by a similar test.
The issue can occur if the highlighted code executes. See related event 7. Show: All events | Only primary events |
|
| 356 | | | |
| 357 | | | |
| 358 | | | |
| 359 | | | } else { |
| 360 | | | dbg_print (dbg_gog,1,dbg_facility,"analize_gop: new key for gog=%s:%d : %s",gog->cfg->name,gog->id,gog_key->key); |
| 361 | | | g_ptr_array_add(gog->gog_keys,gog_key); |
| 362 | | | g_hash_table_insert(gog_key->cfg->gog_index,gog_key->key,gog); |
| 363 | | | } |
| 364 | | | |
| 365 | | | } |
| 366 | | | } |
| 367 | | | |
| 368 | | | gog->last_n = gog->avpl->len; |
| 369 | | | } |
| 370 | | | |
| 371 | | | if (gog->num_of_released_gops == gog->num_of_counting_gops) { |
| 372 | | | gog->released = TRUE; |
| 373 | | | gog->expiration = gog->cfg->expiration + rd->now; |
| 374 | | | } else { |
| 375 | | | gog->released = FALSE; |
| 376 | | | } |
| 377 | | | } |
| |