(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/lazy-expunge/lazy-expunge-plugin.c) |
| |
| 454 | | | lazy_expunge_mailbox_list_delete(struct mailbox_list *list, const char *name) |
| 455 | | | { |
| 456 | | | struct lazy_expunge_mail_user *luser = |
| 457 | | | LAZY_EXPUNGE_USER_CONTEXT(list->ns->user);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/lazy-expunge/lazy-expunge-plugin.c |
| |
23 | #define LAZY_EXPUNGE_USER_CONTEXT(obj) \ |
24 | MODULE_CONTEXT(obj, lazy_expunge_mail_user_module) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
46 | #define MODULE_CONTEXT(obj, id_ctx) \ |
47 | (*((void **)array_idx_modifiable(&(obj)->module_contexts, \ |
48 | (id_ctx).id.module_id) + \ |
49 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
179 | #define array_idx_modifiable(array, idx) \ |
180 | ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
181 | array_idx_modifiable_i(&(array)->arr, idx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
45 | # define ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
46 | (typeof(*(array)->v_modifiable)) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
| 458 | | | struct lazy_expunge_mailbox_list *llist = |
| 459 | | | LAZY_EXPUNGE_LIST_CONTEXT(list);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/lazy-expunge/lazy-expunge-plugin.c |
| |
21 | #define LAZY_EXPUNGE_LIST_CONTEXT(obj) \ |
22 | MODULE_CONTEXT(obj, lazy_expunge_mailbox_list_module) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
46 | #define MODULE_CONTEXT(obj, id_ctx) \ |
47 | (*((void **)array_idx_modifiable(&(obj)->module_contexts, \ |
48 | (id_ctx).id.module_id) + \ |
49 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
179 | #define array_idx_modifiable(array, idx) \ |
180 | ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
181 | array_idx_modifiable_i(&(array)->arr, idx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
45 | # define ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
46 | (typeof(*(array)->v_modifiable)) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
| 460 | | | struct lazy_expunge_mail_storage *lstorage; |
| 461 | | | struct mailbox_list *dest_list; |
| 462 | | | enum mailbox_name_status status; |
| 463 | | | const char *destname; |
| 464 | | | struct tm *tm; |
| 465 | | | char timestamp[256]; |
| 466 | | | int ret; |
| 467 | | | |
| 468 | | | if (llist->storage == NULL) { |
Event 1:
Skipping " if". llist->storage == (void *)0 evaluates to false.
hide
|
|
| 469 | | | |
| 470 | | | return llist->module_ctx.super.delete_mailbox(list, name); |
| 471 | | | } |
| 472 | | | |
| 473 | | | lstorage = LAZY_EXPUNGE_CONTEXT(llist->storage);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/plugins/lazy-expunge/lazy-expunge-plugin.c |
| |
19 | #define LAZY_EXPUNGE_CONTEXT(obj) \ |
20 | MODULE_CONTEXT(obj, lazy_expunge_mail_storage_module) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
46 | #define MODULE_CONTEXT(obj, id_ctx) \ |
47 | (*((void **)array_idx_modifiable(&(obj)->module_contexts, \ |
48 | (id_ctx).id.module_id) + \ |
49 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
179 | #define array_idx_modifiable(array, idx) \ |
180 | ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
181 | array_idx_modifiable_i(&(array)->arr, idx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
45 | # define ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
46 | (typeof(*(array)->v_modifiable)) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
| 474 | | | if (lstorage->internal_namespace) |
Event 2:
Skipping " if". lstorage->internal_namespace evaluates to false.
hide
|
|
| 475 | | | return llist->module_ctx.super.delete_mailbox(list, name); |
| 476 | | | |
| 477 | | | |
| 478 | | | if (strcmp(name, "INBOX") == 0) { |
Event 3:
Skipping " if". strcmp(name, "INBOX") == 0 evaluates to false.
hide
|
|
| 479 | | | mailbox_list_set_error(list, MAIL_ERROR_NOTPOSSIBLE, |
| 480 | | | "INBOX can't be deleted."); |
| 481 | | | return -1; |
| 482 | | | } |
| 483 | | | |
| 484 | [+] | | if (mailbox_list_get_mailbox_name_status(list, name, &status) < 0) |
 |
| 485 | | | return -1; |
| 486 | | | if (status == MAILBOX_NAME_INVALID) { |
Event 6:
Skipping " if". status == MAILBOX_NAME_INVALID evaluates to false.
hide
|
|
| 487 | | | mailbox_list_set_error(list, MAIL_ERROR_PARAMS, |
| 488 | | | "Invalid mailbox name"); |
| 489 | | | return -1; |
| 490 | | | } |
| 491 | | | |
| 492 | | | |
| 493 | | | tm = localtime(&ioloop_time); |
Event 7:
localtime() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 8:
tm is set to localtime(&ioloop_time), which evaluates to NULL. See related event 7.
hide
|
|
| 494 | | | if (strftime(timestamp, sizeof(timestamp), "%Y%m%d-%H%M%S", tm) == 0) |
Event 9:
tm, which evaluates to NULL, is passed to strftime() as the fourth argument. See related event 8.
hide
Null Pointer Dereference
The body of strftime() dereferences tm, but it is NULL. The issue can occur if the highlighted code executes. See related event 9. Show: All events | Only primary events |
|
| |