(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dissectors/packet-ppp.c) |
| |
| 1795 | | | dissect_lcp_fcs_alternatives_opt(const ip_tcp_opt *optp, tvbuff_t *tvb, |
| 1796 | | | int offset, guint length, packet_info *pinfo _U_, |
| 1797 | | | proto_tree *tree) |
| 1798 | | | { |
| 1799 | | | proto_item *tf; |
| 1800 | | | proto_tree *field_tree = NULL; |
| 1801 | | | guint8 alternatives; |
| 1802 | | | |
| 1803 | | | alternatives = tvb_get_guint8(tvb, offset + 2); |
| 1804 | | | tf = proto_tree_add_text(tree, tvb, offset, length, "%s: 0x%02x", |
| 1805 | | | optp->name, alternatives); |
| 1806 | | | field_tree = proto_item_add_subtree(tf, *optp->subtree_index); |
| 1807 | | | offset += 2; |
| 1808 | | | if (alternatives & 0x1) |
Event 1:
Taking true branch. alternatives & 1 evaluates to true.
hide
|
|
| 1809 | | | proto_tree_add_text(field_tree, tvb, offset + 2, 1, "%s", |
| 1810 | [+] | | decode_boolean_bitfield(alternatives, 0x1, 8, "Null FCS", NULL)); |
Event 2:
NULL is passed to decode_boolean_bitfield() as the fifth argument. - Dereferenced later, causing the null pointer dereference.
hide
|
|
 |
| |