(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/tap.c) |
| |
/*
 * Replace the display filter attached to the tap listener that was
 * registered with `tapdata`.
 *
 * A filter already compiled for that listener is freed first and the
 * listener is flagged for redraw. A non-NULL `fstring` is then compiled as
 * the new filter; a NULL `fstring` just leaves the listener unfiltered.
 *
 * Returns NULL when the listener queue is empty, when no listener matches
 * `tapdata`, when `fstring` is NULL, or when the new filter compiled.
 * On a compile failure it returns a newly created GString with the error
 * text.
 * NOTE(review): nothing in this function releases that GString, so the
 * caller presumably owns it - confirm against the callers.
 */
GString *
set_tap_dfilter(void *tapdata, const char *fstring)
{
	tap_listener_t *match = NULL;
	tap_listener_t *prev;
	GString *err;

	/* Empty queue: nothing to update. This check also guards the
	 * dereference of tap_listener_queue just below. */
	if (!tap_listener_queue) {
		return NULL;
	}

	/* The head entry is compared directly; every later entry is reached
	 * through its predecessor's `next` pointer. */
	if (tap_listener_queue->tapdata == tapdata) {
		match = (tap_listener_t *)tap_listener_queue;
	} else {
		prev = (tap_listener_t *)tap_listener_queue;
		while (prev->next) {
			if (prev->next->tapdata == tapdata) {
				match = prev->next;
				break;
			}
			prev = prev->next;
		}
	}

	/*
	 * Analyzer finding reported on this test: "Null Test After
	 * Dereference". The traced path is: event 1, the empty-queue check is
	 * skipped because tap_listener_queue is non-null; event 2, the head
	 * comparison is true, so the listener pointer aliases
	 * tap_listener_queue, which was already dereferenced by that
	 * comparison (tap.c:432 in the analysed file). The report concludes
	 * that either this test is redundant or the earlier dereference
	 * should be guarded by a similar test, and points to a related
	 * event 4 that is not part of this listing.
	 *
	 * Triage: the test is redundant only on that head-match path. When
	 * the scan of the rest of the queue finds nothing, the pointer is
	 * still NULL here, so dropping the test would introduce a real null
	 * dereference. The earlier dereference is already covered by the
	 * empty-queue check at the top of the function.
	 */
	if (!match) {
		return NULL;
	}

	/* Drop the previous filter and keep the active-filter count in step. */
	if (match->code) {
		dfilter_free(match->code);
		num_tap_filters--;
		match->code = NULL;
	}
	match->needs_redraw = 1;

	if (!fstring) {
		return NULL;
	}

	if (dfilter_compile(fstring, &match->code)) {
		num_tap_filters++;
		return NULL;
	}

	/* Compilation failed: report the filter text and the compiler's
	 * message. The filter text is passed as a %s argument, never as the
	 * format string itself. */
	err = g_string_new("");
	g_string_printf(err,
	    "Filter \"%s\" is invalid - %s",
	    fstring, dfilter_error_msg);
	return err;
}
| |