(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/mail-process.c) |
| |
| 248 | | | env_put_namespace(struct namespace_settings *ns, const char *default_location, |
| 249 | | | const struct var_expand_table *table) |
| 250 | | | { |
| 251 | | | const char *location; |
| 252 | | | unsigned int i; |
| 253 | | | string_t *str; |
| 254 | | | |
| 255 | | | if (default_location == NULL) |
Event 1:
Taking true branch. default_location == (void *)0 evaluates to true.
hide
|
|
| 256 | | | default_location = ""; |
Event 2:
default_location is set to "". - This points to the buffer that will be overrun later.
hide
|
|
| 257 | | | |
| 258 | | | for (i = 1; ns != NULL; i++, ns = ns->next) { |
Event 3:
Entering loop body. ns != (void *)0 evaluates to true.
hide
|
|
| 259 | | | location = *ns->location != '\0' ? ns->location : |
Event 4:
*ns->location != 0 evaluates to false.
hide
|
|
| 260 | | | default_location; |
Event 5:
location is set to *ns->location != 0 ? ns->location : default_location, which evaluates to "". See related event 2.
hide
|
|
| 261 | [+] | | location = expand_mail_env(location, table); |
Event 6:
location, which evaluates to "", is passed to expand_mail_env() as the first argument. See related event 5.
hide
|
|
 |
| |