(/home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/ascend-scanner.c) |
| |
| 1769 | | | static int yy_get_next_buffer (void) |
| 1770 | | | { |
| 1771 | | | register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/ascend-scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1772 | | | register char *source = (yytext_ptr); |
| 1773 | | | register int number_to_move, i; |
| 1774 | | | int ret_val; |
| 1775 | | | |
| 1776 | | | if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
x /home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/ascend-scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
Event 1:
Skipping " if". yy_c_buf_p > &yy_buffer_stack[yy_buffer_stack_top]->yy_ch_buf[yy_n_chars + 1] evaluates to false.
| 1777 | | | YY_FATAL_ERROR( |
| 1778 | | | "fatal flex scanner internal error--end of buffer missed" ); |
| 1779 | | | |
| 1780 | | | if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
x /home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/ascend-scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
Event 2:
Skipping " if". yy_buffer_stack[yy_buffer_stack_top]->yy_fill_buffer == 0 evaluates to false.
| 1781 | | | { |
| 1782 | | | if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) |
| 1783 | | | { |
| 1784 | | | |
| 1785 | | | |
| 1786 | | | |
| 1787 | | | return EOB_ACT_END_OF_FILE; |
| 1788 | | | } |
| 1789 | | | |
| 1790 | | | else |
| 1791 | | | { |
| 1792 | | | |
| 1793 | | | |
| 1794 | | | |
| 1795 | | | return EOB_ACT_LAST_MATCH; |
| 1796 | | | } |
| 1797 | | | } |
| 1798 | | | |
| 1799 | | | |
| 1800 | | | |
| 1801 | | | |
| 1802 | | | number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; |
| 1803 | | | |
| 1804 | | | for ( i = 0; i < number_to_move; ++i ) |
Event 3:
Leaving loop. i < number_to_move evaluates to false.
| 1805 | | | *(dest++) = *(source++); |
| 1806 | | | |
| 1807 | | | if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
x /home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/ascend-scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
Event 4:
Taking false branch. yy_buffer_stack[yy_buffer_stack_top]->yy_buffer_status == 2 evaluates to false.
| 1808 | | | |
| 1809 | | | |
| 1810 | | | |
| 1811 | | | YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/ascend-scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1812 | | | |
| 1813 | | | else |
| 1814 | | | { |
| 1815 | | | int num_to_read = |
| 1816 | | | YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/ascend-scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1817 | | | |
| 1818 | | | while ( num_to_read <= 0 ) |
Event 5:
Entering loop body. num_to_read <= 0 evaluates to true.
| 1819 | | | { |
| 1820 | | | |
| 1821 | | | |
| 1822 | | | YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/wiretap/ascend-scanner.c |
| |
289 | #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ |
290 | ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ |
291 | : NULL) |
| |
|
Event 6:
yy_buffer_stack evaluates to true.
Event 7:
b is set to yy_buffer_stack ? yy_buffer_stack[yy_buffer_stack_top] : (void *)0. - Determines the allocation size later.
| 1823 | | | |
| 1824 | | | int yy_c_buf_p_offset = |
| 1825 | | | (int) ((yy_c_buf_p) - b->yy_ch_buf); |
| 1826 | | | |
| 1827 | | | if ( b->yy_is_our_buffer ) |
Event 8:
Taking true branch. b->yy_is_our_buffer evaluates to true.
| 1828 | | | { |
| 1829 | | | int new_size = b->yy_buf_size * 2; |
| 1830 | | | |
| 1831 | | | if ( new_size <= 0 ) |
Event 9:
Taking false branch. new_size <= 0 evaluates to false.
| 1832 | | | b->yy_buf_size += b->yy_buf_size / 8; |
| 1833 | | | else |
| 1834 | | | b->yy_buf_size *= 2; |
Event 10:
b->yy_buf_size is set to 2 * b->yy_buf_size, where b is yy_buffer_stack ? yy_buffer_stack[yy_buffer_stack_top] : (void *)0 from ascend-scanner.c:1822. - This multiplication may overflow, and the result is used as the allocation size later. Event 9 shows only that new_size, the same product stored in an int at line 1829, was positive on this path; whether that rules out wraparound of b->yy_buf_size depends on the declared type of yy_buf_size, which this excerpt does not show.
See related event 7.
| 1835 | | | |
| 1836 | | | b->yy_ch_buf = (char *) |
| 1837 | | | |
| 1838 | [+] | | ascendrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); |
Event 11:
b->yy_buf_size + 2 is passed to ascendrealloc() as the second argument. At this point b->yy_buf_size is twice the value it had when b was read at ascend-scanner.c:1822, so the requested size is that value times 2, plus 2. See related events 7 and 10.
 |
| |