(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/backtrace-string.c) |
| |
| 15 | | | int backtrace_append(string_t *str) |
| 16 | | | { |
| 17 | | | void *stack[MAX_STACK_SIZE]; |
| 18 | | | char **strings; |
| 19 | | | int ret, i; |
| 20 | | | |
| 21 | | | ret = backtrace(stack, N_ELEMENTS(stack));
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
18 | #define N_ELEMENTS(arr) \ |
19 | (sizeof(arr) / sizeof((arr)[0])) |
| |
|
| 22 | | | if (ret <= STACK_SKIP_COUNT) |
Event 2:
Skipping " if". ret <= 2 evaluates to false.
hide
|
|
| 23 | | | return -1; |
| 24 | | | |
| 25 | | | strings = backtrace_symbols(stack, ret); |
Event 3:
backtrace_symbols is an Undefined Function.
hide
Event 4:
strings is set to backtrace_symbols(stack, ret). - Determines the freed value in the Free Null Pointer warning later.
hide
|
|
| 26 | | | for (i = STACK_SKIP_COUNT; i < ret; i++) { |
Event 5:
Entering loop body. i < ret evaluates to true.
hide
Event 9:
Continuing from loop body. Leaving loop. i < ret evaluates to false.
hide
|
|
| 27 | | | if (i > STACK_SKIP_COUNT) |
Event 6:
Skipping " if". i > 2 evaluates to false.
hide
|
|
| 28 | | | str_append(str, " -> "); |
| 29 | | | |
| 30 | | | if (strings != NULL) |
Event 7:
Taking false branch. strings != (void *)0 evaluates to false.
hide
Event 8:
Considering the case where strings is equal to 0. See related event 4.
hide
|
|
| 31 | | | str_append(str, strings[i]); |
| 32 | | | else { |
| 33 | | | |
| 34 | | | str_printfa(str, "0x%p", stack[i]); |
| 35 | | | } |
| 36 | | | } |
| 37 | | | free(strings); |
Event 10:
strings, which evaluates to NULL, is passed to free(). See related event 8.
hide
Free Null Pointer
strings is not a valid address. - strings evaluates to NULL.
- Some older implementations of free() have unsafe behavior on NULL pointers.
The issue can occur if the highlighted code executes. See related event 10. Show: All events | Only primary events |
|
| |