A potential bug of null pointer dereference(2)
Closed this issue · 0 comments
Hello, I found a potential null pointer dereference bug in the source code of dynamips. Would you help me check whether this bug is true? Thank you very much for your effort and patience.
step 1 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 806 :
Select the true branch at this point (index>table->max_index is true)
step 2 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 811 :
Return null to caller
step 3 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_insert_arl_entry line 1155 :
Function bcm5600_table_get_entry executes and stores the return value to entry (entry can be null)
step 4 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_insert_arl_entry line 1158 :
Load value from *(entry)
There are several bugs like this one, so I have gathered them together as shown below.
step 1 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 806 :
Select the true branch at this point (index>table->max_index is true)
step 2 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 811 :
Return null to caller
step 3 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_gen_arl_lookup line 1111 :
Function bcm5600_table_get_entry executes and stores the return value to entry (entry can be null)
step 4 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_gen_arl_lookup line 1113 :
Load value from *(entry)
==============================================================================
step 1 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 806 :
Select the true branch at this point (index>table->max_index is true)
step 2 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 811 :
Return null to caller
step 3 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_insert_arl_entry line 1169 :
Function bcm5600_table_get_entry executes and stores the return value to entry (entry can be null)
step 4 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_insert_arl_entry line 1170 :
Store d->dw[1] to *(entry)
==============================================================================
step 1 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 806 :
Select the true branch at this point (index>table->max_index is true)
step 2 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 811 :
Return null to caller
step 3 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_delete_arl_entry line 1207 :
Function bcm5600_table_get_entry executes and stores the return value to last_entry (last_entry can be null)
step 4 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_delete_arl_entry line 1209 :
Load value from last_entry[0]
==============================================================================
step 1 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 806 :
Select the true branch at this point (index>table->max_index is true)
step 2 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 811 :
Return null to caller
step 3 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_mirror_show_status line 1591 :
Function bcm5600_table_get_entry executes and stores the return value to port (port can be null)
step 4 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_mirror_show_status line 1592 :
Load value from port[1]
==============================================================================
step 1 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 806 :
Select the true branch at this point (index>table->max_index is true)
step 2 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_table_get_entry line 811 :
Return null to caller
step 3 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_arl_ager line 1256 :
Function bcm5600_table_get_entry executes and stores the return value to last_entry (last_entry can be null)
step 4 :
In file dynamips/common/dev_nm_16esw.c , function bcm5600_arl_ager line 1258 :
Load value from *(last_entry)
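The pattern all six traces share, as an added example that is not part of the original report and is not dynamips code: a lookup that returns NULL when the index exceeds `max_index`, with callers that test the result before the load or store. The `struct tbl` layout and the `tbl_*` names are hypothetical, and the sample table is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Hypothetical, simplified table model; not the dynamips structures. */
struct tbl {
    uint32_t  max_index;    /* highest valid entry index */
    size_t    entry_words;  /* 32-bit words per entry */
    uint32_t *data;         /* (max_index + 1) * entry_words words */
};

/* Lookup with the reported contract: NULL when index > max_index. */
static uint32_t *tbl_get_entry(struct tbl *t, uint32_t index)
{
    if (t == NULL || t->data == NULL || index > t->max_index)
        return NULL;
    return &t->data[(size_t)index * t->entry_words];
}

/* Checked load: the NULL test sits between step 3 (lookup) and step 4 (load). */
static int tbl_read_word(struct tbl *t, uint32_t index, size_t word, uint32_t *out)
{
    uint32_t *entry = tbl_get_entry(t, index);
    if (entry == NULL || out == NULL || word >= t->entry_words)
        return -1;          /* caller handles the miss instead of crashing */
    *out = entry[word];
    return 0;
}

/* Checked store, for the trace that writes through the returned pointer. */
static int tbl_write_word(struct tbl *t, uint32_t index, size_t word, uint32_t val)
{
    uint32_t *entry = tbl_get_entry(t, index);
    if (entry == NULL || word >= t->entry_words)
        return -1;
    entry[word] = val;
    return 0;
}
/* Constructed sample table: 4 entries (indices 0..3), 2 words each. */
static uint32_t demo_words[4 * 2];
static struct tbl demo = { 3, 2, demo_words };
int main(void)
{
    uint32_t v = 0;
    int w = tbl_write_word(&demo, 3, 1, 0xABCDu);
    int r = tbl_read_word(&demo, 3, 1, &v);
    printf("idx 3: write=%d read=%d value=0x%X\n", w, r, (unsigned)v);
    printf("idx 4: read=%d\n", tbl_read_word(&demo, 4, 0, &v));
    return 0;
}
```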