(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/raw/raw-storage.c) |
| |
| 130 | | | static struct mailbox * |
| 131 | | | raw_mailbox_open(struct mail_storage *_storage, const char *name, |
| 132 | | | struct istream *input, enum mailbox_open_flags flags) |
| 133 | | | { |
| 134 | | | struct raw_storage *storage = (struct raw_storage *)_storage; |
| 135 | | | struct raw_mailbox *mbox; |
| 136 | | | const char *path; |
| 137 | | | pool_t pool; |
| 138 | | | bool stream = input != NULL; |
Event 1:
input != (void *)0 evaluates to true.
|
|
| 139 | | | |
| 140 | | | flags |= MAILBOX_OPEN_READONLY | MAILBOX_OPEN_NO_INDEX_FILES; |
| 141 | | | |
| 142 | | | path = mailbox_list_get_path(_storage->list, name, |
| 143 | | | MAILBOX_LIST_PATH_TYPE_MAILBOX); |
| 144 | | | if (input != NULL) |
Event 2:
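Taking the true branch: input != (void *)0 evaluates to true, so i_stream_ref(input) is called and the raw_mailbox_open_input() call in the else branch is skipped on this path.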
|
|
| 145 | | | i_stream_ref(input); |
| 146 | | | else { |
| 147 | | | if (raw_mailbox_open_input(_storage, name, path, &input) < 0) |
| 148 | | | return NULL; |
| 149 | | | } |
| 150 | | | |
| 151 | | | pool = pool_alloconly_create("raw mailbox", 1024+512); |
| 152 | | | mbox = p_new(pool, struct raw_mailbox, 1);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/mempool.h |
| |
84 | #define p_new(pool, type, count) \ |
85 | ((type *) p_malloc(pool, sizeof(type) * (count))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/mempool.h |
| |
87 | #define p_malloc(pool, size) (pool)->v->malloc(pool, size) |
| |
|
| 153 | | | mbox->ibox.box = raw_mailbox; |
| 154 | | | mbox->ibox.box.pool = pool; |
| 155 | | | mbox->ibox.storage = &storage->storage; |
| 156 | | | mbox->ibox.mail_vfuncs = &raw_mail_vfuncs; |
| 157 | [+] | | mbox->ibox.index = index_storage_alloc(_storage, name, flags, NULL); |
Event 3:
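NULL is passed to index_storage_alloc() as the fourth argument. The analyzer reports that this argument is dereferenced later, causing the null pointer dereference. The dereference site is not shown in this excerpt, so check whether index_storage_alloc() or its callees test the fourth argument for NULL before treating the warning as confirmed.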
|
|
 |
| |