(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/diam_dict.c) |
| |
| 2592 | | | static void DiamDictensure_buffer_stack (void) |
| 2593 | | | { |
| 2594 | | | int num_to_alloc; |
| 2595 | | | |
| 2596 | | | if (!(yy_buffer_stack)) { |
Event 1:
Skipping " if". yy_buffer_stack evaluates to true.
hide
|
|
| 2597 | | | |
| 2598 | | | |
| 2599 | | | |
| 2600 | | | |
| 2601 | | | |
| 2602 | | | num_to_alloc = 1; |
| 2603 | | | (yy_buffer_stack) = (struct yy_buffer_state**)DiamDictalloc |
| 2604 | | | (num_to_alloc * sizeof(struct yy_buffer_state*) |
| 2605 | | | ); |
| 2606 | | | if ( ! (yy_buffer_stack) ) |
| 2607 | | | YY_FATAL_ERROR( "out of dynamic memory in DiamDictensure_buffer_stack()" ); |
| 2608 | | | |
| 2609 | | | memset((yy_buffer_stack), 0, num_to_alloc * sizeof(struct yy_buffer_state*)); |
| 2610 | | | |
| 2611 | | | (yy_buffer_stack_max) = num_to_alloc; |
| 2612 | | | (yy_buffer_stack_top) = 0; |
| 2613 | | | return; |
| 2614 | | | } |
| 2615 | | | |
| 2616 | | | if ((yy_buffer_stack_top) >= ((yy_buffer_stack_max)) - 1){ |
Event 2:
Taking true branch. yy_buffer_stack_top >= yy_buffer_stack_max - 1 evaluates to true.
hide
|
|
| 2617 | | | |
| 2618 | | | |
| 2619 | | | int grow_size = 8 ; |
Event 3:
grow_size is set to 8.
hide
|
|
| 2620 | | | |
| 2621 | | | num_to_alloc = (yy_buffer_stack_max) + grow_size; |
Event 4:
num_to_alloc is set to yy_buffer_stack_max + 8. - Determines the allocation size later.
See related event 3.
hide
|
|
| 2622 | | | (yy_buffer_stack) = (struct yy_buffer_state**)DiamDictrealloc |
| 2623 | | | ((yy_buffer_stack), |
| 2624 | | | num_to_alloc * sizeof(struct yy_buffer_state*) |
Event 5:
4 * num_to_alloc, which evaluates to 4 * yy_buffer_stack_max + 32, is passed to DiamDictrealloc() as the second argument. - This multiplication may overflow and it is used as the allocation size later.
See related event 4.
hide
|
|
| 2625 | [+] | | ); |
 |
| |