(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/cydir/cydir-transaction.c) |
| |
| 57 | | | static void cydir_transaction_created(struct mail_index_transaction *t) |
| 58 | | | { |
| 59 | | | struct mailbox *box = MAIL_STORAGE_CONTEXT(t->view);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/mail-storage-private.h |
| |
380 | #define MAIL_STORAGE_CONTEXT(obj) \ |
381 | MODULE_CONTEXT(obj, mail_storage_mail_index_module) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
46 | #define MODULE_CONTEXT(obj, id_ctx) \ |
47 | (*((void **)array_idx_modifiable(&(obj)->module_contexts, \ |
48 | (id_ctx).id.module_id) + \ |
49 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
179 | #define array_idx_modifiable(array, idx) \ |
180 | ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
181 | array_idx_modifiable_i(&(array)->arr, idx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
45 | # define ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
46 | (typeof(*(array)->v_modifiable)) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
| 60 | | | |
| 61 | | | |
| 62 | | | if (box != NULL && |
Event 1:
Taking true branch. - box != (void *)0 evaluates to true.
- strcmp(...) == 0 evaluates to true.
hide
|
|
| 63 | | | strcmp(box->storage->name, CYDIR_STORAGE_NAME) == 0) { |
| 64 | | | struct cydir_mailbox *cydir = (struct cydir_mailbox *)box; |
| 65 | | | struct cydir_transaction_context *mt; |
| 66 | | | |
| 67 | | | mt = i_new(struct cydir_transaction_context, 1);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/imem.h |
| |
8 | #define i_new(type, count) ((type *) i_malloc(sizeof(type) * (count))) |
| |
|
Event 3:
mt is set to i_malloc(...). See related event 2.
hide
|
|
| 68 | | | mt->ictx.trans = t; |
| 69 | | | mt->ictx.super = t->v; |
| 70 | | | |
| 71 | | | t->v.commit = cydir_transaction_commit; |
| 72 | | | t->v.rollback = cydir_transaction_rollback; |
| 73 | [+] | | MODULE_CONTEXT_SET(t, mail_storage_mail_index_module, mt);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
96 | #define MODULE_CONTEXT_SET(obj, id_ctx, context) \ |
97 | MODULE_CONTEXT_SET_FULL(obj, id_ctx, context, &(context)->module_ctx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
87 | #define MODULE_CONTEXT_SET_FULL(obj, id_ctx, ctx, module_ctx) STMT_START { \ |
88 | void *_module_tmp = ctx + \ |
89 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(module_ctx, \ |
90 | (**(obj)->module_contexts.v)) + \ |
91 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx); \ |
92 | array_idx_set_i(&(obj)->module_contexts.arr, \ |
93 | module_get_context_id(&(id_ctx).id), &_module_tmp); \ |
94 | } STMT_END |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
 |
| 74 | | | |
| 75 | [+] | | index_transaction_init(&mt->ictx, &cydir->ibox); |
Event 5:
mt, which evaluates to i_malloc(...) from cydir-transaction.c:67, is passed to index_transaction_init() as the first argument. See related event 3.
hide
Event 6:
The resource of interest is allocated inside index_transaction_init().
hide
|
|
 |
| 76 | | | } |
| 77 | | | |
| 78 | | | if (next_hook_mail_index_transaction_created != NULL) |
Event 43:
Skipping " if". next_hook_mail_index_transaction_created != (void *)0 evaluates to false.
hide
|
|
| 79 | | | next_hook_mail_index_transaction_created(t); |
| 80 | | | } |
Leak
There are no remaining references to the resource malloc(size) from imem.c:9. The issue can occur if the highlighted code executes. See related events 6, 8, 10, 11, 12, 14, 15, 16, 17, 18, 19, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 40, 41, 44, and 45. Show: All events | Only primary events |
|
| |