(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/maildir/maildir-sync.c) |
| |
| 276 | | | static int maildir_fix_duplicate(struct maildir_sync_context *ctx, |
| 277 | | | const char *dir, const char *fname2) |
| 278 | | | { |
| 279 | | | const char *fname1, *path1, *path2; |
| 280 | | | const char *new_fname, *new_path; |
| 281 | | | struct stat st1, st2; |
| 282 | | | |
| 283 | | | fname1 = maildir_uidlist_sync_get_full_filename(ctx->uidlist_sync_ctx, |
| 284 | | | fname2); |
| 285 | | | i_assert(fname1 != NULL);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
Event 1:
Skipping " if". fname1 != (void *)0 evaluates to true.
hide
Event 2:
Skipping " if". !(fname1 != (void *)0) evaluates to false.
hide
Event 3:
Skipping " if". !!(fname1 != (void *)0) evaluates to true.
hide
Event 4:
Skipping " if". !!!(fname1 != (void *)0) evaluates to false.
hide
Event 5:
Skipping " if". __builtin_expect(...) evaluates to false.
hide
|
|
| 286 | | | |
| 287 | [+] | | path1 = t_strconcat(dir, "/", fname1, NULL); |
 |
| 288 | | | path2 = t_strconcat(dir, "/", fname2, NULL); |
| 289 | | | |
| 290 | | | if (stat(path1, &st1) < 0 || stat(path2, &st2) < 0) { |
Event 12:
path1, which evaluates to NULL, is passed to stat64() as the first argument. See related event 11.
hide
Null Pointer Dereference
The body of stat64() dereferences path1, but it is NULL. The issue can occur if the highlighted code executes. See related event 12. Show: All events | Only primary events |
|
| |