(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c) |
| |
| 830 | | | YY_DECL |
| 831 | | | { |
| 832 | | | register yy_state_type yy_current_state; |
| 833 | | | register char *yy_cp, *yy_bp; |
| 834 | | | register int yy_act; |
| 835 | | | |
| 836 | | | #line 82 "scanner.l" |
| 837 | | | |
| 838 | | | |
| 839 | | | #line 840 "scanner.c" |
| 840 | | | |
| 841 | | | if ( !(yy_init) ) |
Event 1:
Taking true branch. yy_init evaluates to false.
hide
|
|
| 842 | | | { |
| 843 | | | (yy_init) = 1; |
| 844 | | | |
| 845 | | | #ifdef YY_USER_INIT |
| 846 | | | YY_USER_INIT; |
| 847 | | | #endif |
| 848 | | | |
| 849 | | | if ( ! (yy_start) ) |
Event 2:
Skipping " if". yy_start evaluates to true.
hide
|
|
| 850 | | | (yy_start) = 1; |
| 851 | | | |
| 852 | | | if ( ! df_in ) |
Event 3:
Taking true branch. df_in evaluates to false.
hide
|
|
| 853 | | | df_in = stdin; |
| 854 | | | |
| 855 | | | if ( ! df_out ) |
Event 4:
Taking true branch. df_out evaluates to false.
hide
|
|
| 856 | | | df_out = stdout; |
| 857 | | | |
| 858 | | | if ( ! YY_CURRENT_BUFFER ) {
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
289 | #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ |
290 | ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ |
291 | : NULL) |
| |
|
Event 5:
Skipping " if". - yy_buffer_stack evaluates to true.
- yy_buffer_stack ? yy_buffer_stack[yy_buffer_stack_top] : (void *)0 evaluates to true.
hide
|
|
| 859 | | | df_ensure_buffer_stack (); |
| 860 | | | YY_CURRENT_BUFFER_LVALUE =
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 861 | | | df__create_buffer(df_in,YY_BUF_SIZE ); |
| 862 | | | } |
| 863 | | | |
| 864 | | | df__load_buffer_state( ); |
| 865 | | | } |
| 866 | | | |
| 867 | | | while ( 1 ) |
Event 7:
Continuing from loop body. Entering loop body. 1 evaluates to true.
hide
|
|
| 868 | | | { |
| 869 | | | yy_cp = (yy_c_buf_p); |
| 870 | | | |
| 871 | | | |
| 872 | | | *yy_cp = (yy_hold_char); |
| 873 | | | |
| 874 | | | |
| 875 | | | |
| 876 | | | |
| 877 | | | yy_bp = yy_cp; |
| 878 | | | |
| 879 | | | yy_current_state = (yy_start); |
| 880 | | | yy_match: |
| 881 | | | do |
| 882 | | | { |
| 883 | | | register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; |
| 884 | | | if ( yy_accept[yy_current_state] ) |
Event 8:
Skipping " if". yy_accept[yy_current_state] evaluates to false.
hide
|
|
| 885 | | | { |
| 886 | | | (yy_last_accepting_state) = yy_current_state; |
| 887 | | | (yy_last_accepting_cpos) = yy_cp; |
| 888 | | | } |
| 889 | | | while ( yy_chk[yy_base[yy_current_state] + yy_c] != yy_current_state ) |
| 890 | | | { |
| 891 | | | yy_current_state = (int) yy_def[yy_current_state]; |
| 892 | | | if ( yy_current_state >= 111 ) |
| 893 | | | yy_c = yy_meta[(unsigned int) yy_c]; |
| 894 | | | } |
| 895 | | | yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; |
| 896 | | | ++yy_cp; |
| 897 | | | } |
| 898 | | | while ( yy_current_state != 110 ); |
Event 10:
Leaving loop. yy_current_state != 110 evaluates to false.
hide
|
|
| 899 | | | yy_cp = (yy_last_accepting_cpos); |
| 900 | | | yy_current_state = (yy_last_accepting_state); |
| 901 | | | |
| 902 | | | yy_find_action: |
| 903 | | | yy_act = yy_accept[yy_current_state]; |
| 904 | | | |
| 905 | | | YY_DO_BEFORE_ACTION;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
382 | #define YY_DO_BEFORE_ACTION \ |
383 | (yytext_ptr) = yy_bp; \ |
384 | df_leng = (size_t) (yy_cp - yy_bp); \ |
385 | (yy_hold_char) = *yy_cp; \ |
386 | *yy_cp = '\0'; \ |
387 | (yy_c_buf_p) = yy_cp; |
| |
|
| 906 | | | |
| 907 | | | do_action: |
| 908 | | | |
| 909 | | | switch ( yy_act ) |
| 910 | | | { |
| 911 | | | case 0: |
| 912 | | | |
| 913 | | | *yy_cp = (yy_hold_char); |
| 914 | | | yy_cp = (yy_last_accepting_cpos); |
| 915 | | | yy_current_state = (yy_last_accepting_state); |
| 916 | | | goto yy_find_action; |
| 917 | | | |
| 918 | | | case 1: |
| 919 | | | |
| 920 | | | YY_RULE_SETUP |
| 921 | | | #line 84 "scanner.l" |
| 922 | | | |
| 923 | | | YY_BREAK |
| 924 | | | case 2: |
| 925 | | | YY_RULE_SETUP |
| 926 | | | #line 88 "scanner.l" |
| 927 | | | return simple(TOKEN_LPAREN); |
| 928 | | | YY_BREAK |
| 929 | | | case 3: |
| 930 | | | YY_RULE_SETUP |
| 931 | | | #line 89 "scanner.l" |
| 932 | | | return simple(TOKEN_RPAREN); |
| 933 | | | YY_BREAK |
| 934 1126 |  | | [ Lines 934 to 1126 omitted. ] |
| 1127 | | | |
| 1128 | | | |
| 1129 | | | case 36: |
| 1130 | | | YY_RULE_SETUP |
| 1131 | | | #line 169 "scanner.l" |
| 1132 | | | { |
| 1133 | | | dfilter_fail("Invalid character \"%s\" found while scanning slice; expected integer.", df_text); |
| 1134 | | | return SCAN_FAILED; |
| 1135 | | | } |
| 1136 | | | YY_BREAK |
| 1137 | | | case 37: |
| 1138 | | | YY_RULE_SETUP |
| 1139 | | | #line 174 "scanner.l" |
| 1140 | | | { |
| 1141 | | | |
| 1142 | | | |
| 1143 | | | |
| 1144 | | | |
| 1145 | | | |
| 1146 | | | |
| 1147 | | | BEGIN(DQUOTE); |
| 1148 | | | |
| 1149 | | | |
| 1150 | | | |
| 1151 | | | |
| 1152 | | | if (quoted_string) { |
| 1153 | | | g_string_free(quoted_string, TRUE); |
| 1154 | | | |
| 1155 | | | |
| 1156 | | | |
| 1157 | | | } |
| 1158 | | | quoted_string = g_string_new(""); |
| 1159 | | | } |
| 1160 | | | YY_BREAK |
| 1161 | | | case YY_STATE_EOF(DQUOTE): |
| 1162 | | | #line 195 "scanner.l" |
| 1163 | | | { |
| 1164 | | | |
| 1165 | | | |
| 1166 | | | |
| 1167 | | | |
| 1168 | | | |
| 1169 | | | |
| 1170 | | | dfilter_fail("The final quote was missing from a quoted string."); |
| 1171 | | | return SCAN_FAILED; |
| 1172 | | | } |
| 1173 | | | YY_BREAK |
| 1174 | | | case 38: |
| 1175 | | | YY_RULE_SETUP |
| 1176 | | | #line 206 "scanner.l" |
| 1177 | | | { |
| 1178 | | | |
| 1179 | | | int token; |
| 1180 | | | BEGIN(INITIAL); |
| 1181 | | | token = set_lval(TOKEN_STRING, quoted_string->str); |
| 1182 | | | g_string_free(quoted_string, TRUE); |
| 1183 | | | quoted_string = NULL; |
| 1184 | | | return token; |
| 1185 | | | } |
| 1186 | | | YY_BREAK |
| 1187 | | | case 39: |
| 1188 | | | YY_RULE_SETUP |
| 1189 | | | #line 216 "scanner.l" |
| 1190 | | | { |
| 1191 | | | |
| 1192 | | | unsigned int result; |
| 1193 | | | sscanf(df_text + 1, "%o", &result); |
| 1194 | | | if (result > 0xff) { |
Event 16:
Skipping " if". result > 255 evaluates to false.
hide
Event 17:
Considering the case where result is no more than 255 so the value assigned to result at scanner.c:1193 must have been no more than 255. See related event 15.
hide
|
|
| 1195 | | | g_string_free(quoted_string, TRUE); |
| 1196 | | | quoted_string = NULL; |
| 1197 | | | dfilter_fail("%s is larger than 255.", df_text); |
| 1198 | | | return SCAN_FAILED; |
| 1199 | | | } |
| 1200 | | | g_string_append_c(quoted_string, (gchar) result);
x /usr/include/glib-2.0/glib/gstring.h |
| |
156 | #define g_string_append_c(gstr,c) g_string_append_c_inline (gstr, c) |
| |
|
Cast Alters Value
result is cast from unsigned int to char. - result could be 128 or higher.
- Values 128 or higher cannot be stored as char. Casting them to char can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related events 15 and 17. Show: All events | Only primary events |
|
| 1201 | | | } |
| 1202 | | | YY_BREAK |
| 1203 | | | case 40: |
| 1204 | | | YY_RULE_SETUP |
| 1205 | | | #line 229 "scanner.l" |
| 1206 | | | { |
| 1207 | | | |
| 1208 | | | unsigned int result; |
| 1209 | | | sscanf(df_text + 2, "%x", &result); |
| 1210 | | | g_string_append_c(quoted_string, (gchar) result);
x /usr/include/glib-2.0/glib/gstring.h |
| |
156 | #define g_string_append_c(gstr,c) g_string_append_c_inline (gstr, c) |
| |
|
| 1211 | | | } |
| 1212 | | | YY_BREAK |
| 1213 | | | case 41: |
| 1214 | | | YY_RULE_SETUP |
| 1215 | | | #line 237 "scanner.l" |
| 1216 | | | { |
| 1217 | | | |
| 1218 | | | g_string_append_c(quoted_string, df_text[1]);
x /usr/include/glib-2.0/glib/gstring.h |
| |
156 | #define g_string_append_c(gstr,c) g_string_append_c_inline (gstr, c) |
| |
|
| 1219 | | | } |
| 1220 | | | YY_BREAK |
| 1221 | | | case 42: |
| 1222 | | | |
| 1223 | | | YY_RULE_SETUP |
| 1224 | | | #line 242 "scanner.l" |
| 1225 | | | { |
| 1226 | | | |
| 1227 | | | g_string_append(quoted_string, df_text); |
| 1228 | | | } |
| 1229 | | | YY_BREAK |
| 1230 | | | case 43: |
| 1231 | | | YY_RULE_SETUP |
| 1232 | | | #line 249 "scanner.l" |
| 1233 | | | { |
| 1234 | | | |
| 1235 | | | return set_lval(TOKEN_UNPARSED, df_text); |
| 1236 | | | } |
| 1237 | | | YY_BREAK |
| 1238 | | | case 44: |
| 1239 | | | YY_RULE_SETUP |
| 1240 1262 |  | | [ Lines 1240 to 1262 omitted. ] |
| 1263 | | | } |
| 1264 | | | YY_BREAK |
| 1265 | | | case 45: |
| 1266 | | | YY_RULE_SETUP |
| 1267 | | | #line 278 "scanner.l" |
| 1268 | | | { |
| 1269 | | | |
| 1270 | | | return set_lval(TOKEN_UNPARSED, df_text); |
| 1271 | | | } |
| 1272 | | | YY_BREAK |
| 1273 | | | case 46: |
| 1274 | | | YY_RULE_SETUP |
| 1275 | | | #line 284 "scanner.l" |
| 1276 | | | ECHO; |
| 1277 | | | YY_BREAK |
| 1278 | | | #line 1279 "scanner.c" |
| 1279 | | | case YY_STATE_EOF(INITIAL): |
| 1280 | | | case YY_STATE_EOF(RANGE_INT): |
| 1281 | | | case YY_STATE_EOF(RANGE_PUNCT): |
| 1282 | | | yyterminate(); |
| 1283 | | | |
| 1284 | | | case YY_END_OF_BUFFER: |
| 1285 | | | { |
| 1286 | | | |
| 1287 | | | int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; |
| 1288 | | | |
| 1289 | | | |
| 1290 | | | *yy_cp = (yy_hold_char); |
| 1291 | | | YY_RESTORE_YY_MORE_OFFSET |
| 1292 | | | |
| 1293 | | | if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_NEW )
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1294 | | | { |
| 1295 | | | |
| 1296 | | | |
| 1297 | | | |
| 1298 | | | |
| 1299 | | | |
| 1300 | | | |
| 1301 | | | |
| 1302 | | | |
| 1303 | | | |
| 1304 | | | (yy_n_chars) = YY_CURRENT_BUFFER_LVALUE->yy_n_chars;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1305 | | | YY_CURRENT_BUFFER_LVALUE->yy_input_file = df_in;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1306 | | | YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1307 | | | } |
| 1308 | | | |
| 1309 | | | |
| 1310 | | | |
| 1311 | | | |
| 1312 | | | |
| 1313 | | | |
| 1314 | | | |
| 1315 | | | |
| 1316 | | | if ( (yy_c_buf_p) <= &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)] )
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1317 | | | { |
| 1318 | | | yy_state_type yy_next_state; |
| 1319 | | | |
| 1320 | | | (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; |
| 1321 | | | |
| 1322 | | | yy_current_state = yy_get_previous_state( ); |
| 1323 | | | |
| 1324 | | | |
| 1325 | | | |
| 1326 | | | |
| 1327 | | | |
| 1328 | | | |
| 1329 | | | |
| 1330 | | | |
| 1331 | | | |
| 1332 | | | |
| 1333 | | | yy_next_state = yy_try_NUL_trans( yy_current_state ); |
| 1334 | | | |
| 1335 | | | yy_bp = (yytext_ptr) + YY_MORE_ADJ; |
| 1336 | | | |
| 1337 | | | if ( yy_next_state ) |
| 1338 | | | { |
| 1339 | | | |
| 1340 | | | yy_cp = ++(yy_c_buf_p); |
| 1341 | | | yy_current_state = yy_next_state; |
| 1342 | | | goto yy_match; |
| 1343 | | | } |
| 1344 | | | |
| 1345 | | | else |
| 1346 | | | { |
| 1347 | | | yy_cp = (yy_last_accepting_cpos); |
| 1348 | | | yy_current_state = (yy_last_accepting_state); |
| 1349 | | | goto yy_find_action; |
| 1350 | | | } |
| 1351 | | | } |
| 1352 | | | |
| 1353 | | | else switch ( yy_get_next_buffer( ) ) |
| 1354 | | | { |
| 1355 | | | case EOB_ACT_END_OF_FILE: |
| 1356 | | | { |
| 1357 | | | (yy_did_buffer_switch_on_eof) = 0; |
| 1358 | | | |
| 1359 | | | if ( df_wrap( ) ) |
| 1360 | | | { |
| 1361 | | | |
| 1362 | | | |
| 1363 | | | |
| 1364 | | | |
| 1365 | | | |
| 1366 | | | |
| 1367 | | | |
| 1368 | | | |
| 1369 | | | |
| 1370 | | | (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; |
| 1371 | | | |
| 1372 | | | yy_act = YY_STATE_EOF(YY_START); |
| 1373 | | | goto do_action; |
| 1374 | | | } |
| 1375 | | | |
| 1376 | | | else |
| 1377 | | | { |
| 1378 | | | if ( ! (yy_did_buffer_switch_on_eof) ) |
| 1379 | | | YY_NEW_FILE; |
| 1380 | | | } |
| 1381 | | | break; |
| 1382 | | | } |
| 1383 | | | |
| 1384 | | | case EOB_ACT_CONTINUE_SCAN: |
| 1385 | | | (yy_c_buf_p) = |
| 1386 | | | (yytext_ptr) + yy_amount_of_matched_text; |
| 1387 | | | |
| 1388 | | | yy_current_state = yy_get_previous_state( ); |
| 1389 | | | |
| 1390 | | | yy_cp = (yy_c_buf_p); |
| 1391 | | | yy_bp = (yytext_ptr) + YY_MORE_ADJ; |
| 1392 | | | goto yy_match; |
| 1393 | | | |
| 1394 | | | case EOB_ACT_LAST_MATCH: |
| 1395 | | | (yy_c_buf_p) = |
| 1396 | | | &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars)];
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1397 | | | |
| 1398 | | | yy_current_state = yy_get_previous_state( ); |
| 1399 | | | |
| 1400 | | | yy_cp = (yy_c_buf_p); |
| 1401 | | | yy_bp = (yytext_ptr) + YY_MORE_ADJ; |
| 1402 | | | goto yy_find_action; |
| 1403 | | | } |
| 1404 | | | break; |
| |