(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/emem.c) |
| |
| 1472 | | | emem_tree_insert_string(emem_tree_t* se_tree, const gchar* k, void* v, guint32 flags) |
| 1473 | | | { |
| 1474 | | | emem_tree_key_t key[2]; |
| 1475 | | | guint32 *aligned=NULL; |
| 1476 | | | guint32 len = (guint32) strlen(k); |
| 1477 | | | guint32 div = (len+3)/4+1; |
| 1478 | | | guint32 i; |
| 1479 | | | guint32 tmp; |
| 1480 | | | |
| 1481 | | | aligned = malloc(div * sizeof (guint32)); |
Event 1:
malloc() returns NULL. Dereferenced later, causing the null pointer dereference.
Event 2:
aligned is set to malloc(...), which evaluates to NULL. See related event 1.
| 1482 | | | |
| 1483 | | | |
| 1484 | | | tmp = 0; |
| 1485 | | | for (i = 0;i < len;i++) { |
Event 4:
Continuing from loop body. Entering loop body. i < len evaluates to true.
| 1486 | | | unsigned char ch; |
| 1487 | | | |
| 1488 | | | ch = (unsigned char)k[i]; |
| 1489 | | | if (flags & EMEM_TREE_STRING_NOCASE) { |
Event 5:
Skipping " if". flags & 1 evaluates to false.
| 1490 | | | if(isupper(ch)) { |
| 1491 | | | ch = tolower(ch); |
| 1492 | | | } |
| 1493 | | | } |
| 1494 | | | tmp <<= 8; |
| 1495 | | | tmp |= ch; |
| 1496 | | | if (i%4 == 3) { |
Event 6:
Taking true branch. i % 4 == 3 evaluates to true.
| 1497 | | | aligned[i/4] = tmp; |
Null Pointer Dereference
aligned is dereferenced here, but it is NULL. The issue can occur if the highlighted code executes. See related event 2.
| 1498 | | | tmp = 0; |
| |