(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/lazy-expunge/lazy-expunge-plugin.c) |
| |
| 169 | | | static int lazy_expunge_move_expunges(struct mailbox *srcbox, |
| 170 | | | struct lazy_expunge_transaction *lt) |
| 171 | | | { |
| 172 | | | struct maildir_mailbox *msrcbox = (struct maildir_mailbox *)srcbox; |
| 173 | | | struct mailbox_transaction_context *trans; |
| 174 | | | struct index_transaction_context *itrans; |
| 175 | | | struct lazy_expunge_move_context ctx; |
| 176 | | | const struct seq_range *range; |
| 177 | | | unsigned int i, count; |
| 178 | | | const char *dir; |
| 179 | | | uint32_t seq, uid, seq1, seq2; |
| 180 | | | bool is_file; |
| 181 | | | int ret = 0; |
| 182 | | | |
| 183 | | | dir = mail_storage_get_mailbox_path(lt->expunge_box->storage, |
| 184 | | | lt->expunge_box->name, &is_file); |
| 185 | [+] | | dir = t_strconcat(dir, "/cur/", NULL); |
 |
| 186 | | | |
| 187 | | | ctx.path = str_new(default_pool, 256); |
| 188 | [+] | | str_append(ctx.path, dir); |
Event 7:
dir, which evaluates to NULL, is passed to str_append() as the second argument. See related event 6.
hide
|
|
 |
| |