(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/dict/dict-server.c) |
| |
| 311 | | | static int cmd_atomic_inc(struct dict_client_connection *conn, const char *line) |
| 312 | | | { |
| 313 | | | struct dict_server_transaction *trans; |
| 314 | | | const char *const *args; |
| 315 | | | long long arg; |
| 316 | | | |
| 317 | | | |
| 318 | [+] | | args = t_strsplit(line, "\t"); |
 |
| 319 | [+] | | if (str_array_length(args) != 3) { |
 |
| 320 | | | i_error("dict client: ATOMIC_INC: broken input"); |
| 321 | | | return -1; |
| 322 | | | } |
| 323 | | | |
| 324 | [+] | | if (dict_server_transaction_lookup_parse(conn, args[0], &trans) < 0) |
 |
| 325 | | | return -1; |
| 326 | | | |
| 327 | | | if (*args[2] != '-') |
Event 27:
Taking true branch. *args[2] != 45 evaluates to true.
hide
|
|
| 328 | | | arg = (long long)strtoull(args[2], NULL, 10); |
| 329 | | | else |
| 330 | | | arg = -(long long)strtoull(args[2]+1, NULL, 10); |
| 331 | [+] | | dict_atomic_inc(trans->ctx, args[1], arg); |
Event 28:
args[1], which evaluates to NULL, is passed to dict_atomic_inc() as the second argument. See related events 17 and 20.
hide
|
|
 |
| |