(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-tpncp.c) |
| |
| 553 | | | static gint init_tpncp_data_fields_info(tpncp_data_field_info *data_fields_info, FILE *file) { |
| 554 | | | static gint was_registered = 0; |
| 555 | | | gchar *tpncp_db_entry = NULL, *tpncp_data_field_name = NULL, *tmp = NULL; |
| 556 | | | gint enum_val, data_id, current_data_id = -1, |
| 557 | | | tpncp_data_field_sign, tpncp_data_field_size, |
| 558 | | | tpncp_data_field_array_dim, tpncp_data_field_is_ip_addr; |
| 559 | | | guint index; |
| 560 | | | tpncp_data_field_info *current_tpncp_data_field_info = NULL; |
Event 1:
current_tpncp_data_field_info is set to NULL. It is dereferenced later, at line 621 (current_tpncp_data_field_info->p_next), while still NULL, causing the null pointer dereference.
|
|
| 561 | | | hf_register_info hf_entr; |
| 562 | | | |
| 563 | [+] | | tpncp_db_entry = ep_alloc(MAX_TPNCP_DB_ENTRY_LEN); |
 |
| 564 | | | tpncp_db_entry[0] = 0; |
| 565 | | | |
| 566 | | | |
| 567 | | | hf_entr.hfinfo.display = BASE_DEC; |
| 568 | | | hf_entr.hfinfo.strings = NULL; |
| 569 | | | hf_entr.hfinfo.bitmask = 0x0; |
| 570 | | | hf_entr.hfinfo.blurb = ""; |
| 571 | | | hf_entr.hfinfo.id = 0; |
| 572 | | | hf_entr.hfinfo.parent = 0; |
| 573 | | | hf_entr.hfinfo.bitshift = 0; |
| 574 | | | hf_entr.hfinfo.same_name_next = NULL; |
| 575 | | | hf_entr.hfinfo.same_name_prev = NULL; |
| 576 | | | |
| 577 | | | if (!was_registered) { |
Event 4:
Taking false branch. was_registered evaluates to true, i.e. the function has been called before (the static flag is set on line 586).
|
|
| 578 | | | |
| 579 | | | hf_allocated = hf_size+array_length(hf_tpncp)-1; |
| 580 | | | if ((hf = (hf_register_info *)g_realloc(hf, hf_allocated * sizeof(hf_register_info))) == NULL) |
| 581 | | | return (-1); |
| 582 | | | for (index = 0; index < array_length(hf_tpncp); index++) { |
| 583 | | | memcpy(hf + (hf_size - 1), hf_tpncp + index, sizeof(hf_register_info)); |
| 584 | | | hf_size++; |
| 585 | | | } |
| 586 | | | was_registered = 1; |
| 587 | | | } |
| 588 | | | else |
| 589 | | | hf_size++; |
| 590 | | | |
| 591 | | | while (fgets(tpncp_db_entry, MAX_TPNCP_DB_ENTRY_LEN, file) != NULL) { |
Event 5:
Entering loop body. fgets(...) != (void *)0 evaluates to true.
|
|
| 592 | | | if (!strncmp(tpncp_db_entry, "#####", 5)) { |
Event 6:
Skipping " if". strncmp(...) evaluates to true (non-zero): the entry does not start with "#####".
|
|
| 593 | | | hf_size--; |
| 594 | | | break; |
| 595 | | | } |
| 596 | | | if ((tmp = strtok(tpncp_db_entry, " ")) == NULL) |
Event 7:
Skipping " if". (tmp = strtok(...)) == (void *)0 evaluates to false.
|
|
| 597 | | | continue; |
| 598 | | | data_id = atoi(tmp); |
| 599 | | | if ((tpncp_data_field_name = strtok(NULL, " ")) == NULL) |
Event 8:
Skipping " if". (tpncp_data_field_name = strtok(...)) == (void *)0 evaluates to false.
|
|
| 600 | | | continue; |
| 601 | | | if ((tmp = strtok(NULL, " ")) == NULL) |
Event 9:
Skipping " if". (tmp = strtok(...)) == (void *)0 evaluates to false.
|
|
| 602 | | | continue; |
| 603 | | | tpncp_data_field_sign = atoi(tmp); |
| 604 | | | if ((tmp = strtok(NULL, " ")) == NULL) |
Event 10:
Skipping " if". (tmp = strtok(...)) == (void *)0 evaluates to false.
|
|
| 605 | | | continue; |
| 606 | | | tpncp_data_field_size = atoi(tmp); |
| 607 | | | if ((tmp = strtok(NULL, " ")) == NULL) |
Event 11:
Skipping " if". (tmp = strtok(...)) == (void *)0 evaluates to false.
|
|
| 608 | | | continue; |
| 609 | | | tpncp_data_field_array_dim = atoi(tmp); |
| 610 | | | if ((tmp = strtok(NULL, " ")) == NULL) |
Event 12:
Skipping " if". (tmp = strtok(...)) == (void *)0 evaluates to false.
|
|
| 611 | | | continue; |
| 612 | | | tpncp_data_field_is_ip_addr = atoi(tmp); |
| 613 | | | if ((tmp = strtok(NULL, "\n")) == NULL) |
Event 13:
Skipping " if". (tmp = strtok(...)) == (void *)0 evaluates to false.
|
|
| 614 | | | continue; |
| 615 | | | |
| 616 | | | if (current_data_id != data_id) { |
Event 14:
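Taking false branch. current_data_id != data_id evaluates to false: on this path the data_id parsed by atoi() on line 598 equals the initial current_data_id of -1, so line 617 is skipped and current_tpncp_data_field_info is still NULL when the else branch dereferences it on line 621.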
|
|
| 617 | | | current_tpncp_data_field_info = &data_fields_info[data_id]; |
| 618 | | | current_data_id = data_id; |
| 619 | | | } |
| 620 | | | else { |
| 621 | | | if ((current_tpncp_data_field_info->p_next = |
| 622 | | | (tpncp_data_field_info *)g_malloc0(sizeof(tpncp_data_field_info))) |
| |