(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/util/rawlog.c) |
| |
| 245 | | | static struct rawlog_proxy * |
| 246 | | | rawlog_proxy_create(int client_in_fd, int client_out_fd, int server_fd, |
| 247 | | | const char *path, enum rawlog_flags flags) |
| 248 | | | { |
| 249 | | | struct rawlog_proxy *proxy; |
| 250 | | | |
| 251 | [+] | | proxy = i_new(struct rawlog_proxy, 1);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/imem.h |
| |
8 | #define i_new(type, count) ((type *) i_malloc(sizeof(type) * (count))) |
| |
|
 |
| 252 | | | proxy->server_fd = server_fd; |
| 253 | | | proxy->server_input = |
| 254 | | | i_stream_create_fd(server_fd, MAX_PROXY_INPUT_SIZE, FALSE); |
| 255 | | | proxy->server_output = o_stream_create_fd(server_fd, (size_t)-1, FALSE); |
| 256 | | | proxy->server_io = io_add(server_fd, IO_READ, server_input, proxy);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/ioloop.h |
| |
50 | #define io_add(fd, condition, callback, context) \ |
51 | CONTEXT_CALLBACK(io_add, io_callback_t, \ |
52 | callback, context, fd, condition) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
146 | # define CONTEXT_CALLBACK(name, callback_type, callback, context, ...) \ |
147 | ({(void)(1 ? 0 : callback(context)); \ |
148 | name(__VA_ARGS__, (callback_type *)callback, context); }) |
| |
|
Event 6:
1 evaluates to true.
hide
|
|
| 257 | | | o_stream_set_flush_callback(proxy->server_output, server_output, proxy);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/ostream.h |
| |
54 | #define o_stream_set_flush_callback(stream, callback, context) \ |
55 | CONTEXT_CALLBACK(o_stream_set_flush_callback, stream_flush_callback_t, \ |
56 | callback, context, stream) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
146 | # define CONTEXT_CALLBACK(name, callback_type, callback, context, ...) \ |
147 | ({(void)(1 ? 0 : callback(context)); \ |
148 | name(__VA_ARGS__, (callback_type *)callback, context); }) |
| |
|
Event 7:
1 evaluates to true.
hide
|
|
| 258 | | | |
| 259 | | | proxy->client_in_fd = client_in_fd; |
| 260 | | | proxy->client_out_fd = client_out_fd; |
| 261 | | | proxy->client_output = |
| 262 | | | o_stream_create_fd(client_out_fd, (size_t)-1, FALSE); |
| 263 | | | proxy->client_io = io_add(proxy->client_in_fd, IO_READ,
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/ioloop.h |
| |
50 | #define io_add(fd, condition, callback, context) \ |
51 | CONTEXT_CALLBACK(io_add, io_callback_t, \ |
52 | callback, context, fd, condition) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
146 | # define CONTEXT_CALLBACK(name, callback_type, callback, context, ...) \ |
147 | ({(void)(1 ? 0 : callback(context)); \ |
148 | name(__VA_ARGS__, (callback_type *)callback, context); }) |
| |
|
| 264 | | | client_input, proxy); |
Event 8:
1 evaluates to true.
hide
|
|
| 265 | | | o_stream_set_flush_callback(proxy->client_output, client_output, proxy);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/ostream.h |
| |
54 | #define o_stream_set_flush_callback(stream, callback, context) \ |
55 | CONTEXT_CALLBACK(o_stream_set_flush_callback, stream_flush_callback_t, \ |
56 | callback, context, stream) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
146 | # define CONTEXT_CALLBACK(name, callback_type, callback, context, ...) \ |
147 | ({(void)(1 ? 0 : callback(context)); \ |
148 | name(__VA_ARGS__, (callback_type *)callback, context); }) |
| |
|
Event 9:
1 evaluates to true.
hide
|
|
| 266 | | | |
| 267 | | | proxy->last_out_lf = TRUE; |
Event 10:
!0 evaluates to true.
hide
|
|
| 268 | | | proxy->flags = flags; |
| 269 | | | |
| 270 | | | proxy->fd_in = proxy->fd_out = -1; |
Event 11:
proxy->fd_out is set to -1, where proxy is malloc(size) from imem.c:9. - Determines the file descriptor in the Negative File Descriptor warning later.
See related event 5.
hide
Event 12:
proxy->fd_in is set to proxy->fd_out, which evaluates to -1, where proxy is malloc(size) from imem.c:9. See related events 5 and 11.
hide
|
|
| 271 | [+] | | proxy_open_logs(proxy, path); |
Event 13:
proxy, which evaluates to malloc(size) from imem.c:9, is passed to proxy_open_logs() as the first argument. See related event 5.
hide
|
|
 |
| |