(/home/sate/Testcases/c/cve/wireshark-1.2.0/tools/lemon/lemon.c) |
| |
| 3130 | | | PRIVATE FILE *tplt_open(struct lemon *lemp) |
| 3131 | | | { |
| 3132 | | | static char templatename[] = "lempar.c"; |
| 3133 | | | char* buf; |
| 3134 | | | FILE *in; |
| 3135 | | | char *tpltname = NULL; |
| 3136 | | | char *cp; |
| 3137 | | | |
| 3138 | | | if (lemp->templatename) { |
Event 1:
Taking false branch. lemp->templatename evaluates to false.
hide
|
|
| 3139 | | | tpltname = strdup(lemp->templatename); |
| 3140 | | | } |
| 3141 | | | else { |
| 3142 | | | cp = strrchr(lemp->filename,'.'); |
| 3143 | | | buf = malloc(1000); |
Event 2:
malloc() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 3:
buf is set to malloc(1000), which evaluates to NULL. See related event 2.
hide
|
|
| 3144 | | | if( cp ){ |
Event 4:
Taking false branch. cp evaluates to false.
hide
|
|
| 3145 | | | sprintf(buf,"%.*s.lt",(int)(cp - lemp->filename),lemp->filename); |
| 3146 | | | }else{ |
| 3147 | | | sprintf(buf,"%s.lt",lemp->filename); |
Event 5:
buf, which evaluates to NULL, is passed to sprintf() as the first argument. See related event 3.
hide
Null Pointer Dereference
The body of sprintf() dereferences buf, but it is NULL. The issue can occur if the highlighted code executes. See related event 5. Show: All events | Only primary events |
|
| |