(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/maildir/maildir-save.c) |
| |
| 435 | | | static int maildir_save_finish_real(struct mail_save_context *_ctx) |
| 436 | | | { |
| 437 | | | struct maildir_save_context *ctx = (struct maildir_save_context *)_ctx; |
Event 1:
ctx is set to _ctx. - Determines the file descriptor in the Negative File Descriptor warning later.
hide
|
|
| 438 | | | struct mail_storage *storage = &ctx->mbox->storage->storage; |
| 439 | | | struct utimbuf buf; |
| 440 | | | struct stat st; |
| 441 | | | const char *path; |
| 442 | | | int output_errno; |
| 443 | | | |
| 444 | | | ctx->finished = TRUE; |
Event 2:
!0 evaluates to true.
hide
|
|
| 445 | | | if (ctx->failed && ctx->fd == -1) { |
Event 3:
Skipping " if". ctx->failed evaluates to false.
hide
|
|
| 446 | | | |
| 447 | | | return -1; |
| 448 | | | } |
| 449 | | | |
| 450 | | | path = t_strconcat(ctx->tmpdir, "/", ctx->file_last->basename, NULL); |
| 451 | [+] | | if (o_stream_flush(_ctx->output) < 0) { |
 |
| 452 | | | if (!mail_storage_set_error_from_errno(storage)) { |
| 453 | | | mail_storage_set_critical(storage, |
| 454 | | | "o_stream_flush(%s) failed: %m", path); |
| 455 | | | } |
| 456 | | | ctx->failed = TRUE; |
| 457 | | | } |
| 458 | | | |
| 459 | | | if (ctx->ctx.received_date != (time_t)-1) { |
Event 12:
Taking false branch. ctx->ctx.received_date != (time_t)-1 evaluates to false.
hide
|
|
| 460 | | | |
| 461 | | | buf.actime = ioloop_time; |
| 462 | | | buf.modtime = ctx->ctx.received_date; |
| 463 | | | |
| 464 | | | if (utime(path, &buf) < 0) { |
| 465 | | | ctx->failed = TRUE; |
| 466 | | | mail_storage_set_critical(storage, |
| 467 | | | "utime(%s) failed: %m", path); |
| 468 | | | } |
| 469 | | | } else if (ctx->fd != -1) { |
Event 13:
Taking false branch. ctx->fd != -1 evaluates to false.
hide
Event 14:
Considering the case where ctx->fd is equal to -1 so _ctx[3].dest_mail must have been equal to -1. See related event 1.
hide
|
|
| 470 | | | if (fstat(ctx->fd, &st) == 0) |
| 471 | | | ctx->ctx.received_date = st.st_mtime;
x /usr/include/bits/stat.h |
| |
95 | # define st_mtime st_mtim.tv_sec |
| |
|
| 472 | | | else { |
| 473 | | | ctx->failed = TRUE; |
| 474 | | | mail_storage_set_critical(storage, |
| 475 | | | "fstat(%s) failed: %m", path); |
| 476 | | | } |
| 477 | | | } else { |
| 478 | | | |
| 479 | | | if (stat(path, &st) == 0) |
Event 15:
Taking true branch. stat(path, &st) == 0 evaluates to true.
hide
|
|
| 480 | | | ctx->ctx.received_date = st.st_mtime;
x /usr/include/bits/stat.h |
| |
95 | # define st_mtime st_mtim.tv_sec |
| |
|
| 481 | | | else { |
| 482 | | | ctx->failed = TRUE; |
| 483 | | | mail_storage_set_critical(storage, |
| 484 | | | "stat(%s) failed: %m", path); |
| 485 | | | } |
| 486 | | | } |
| 487 | | | |
| 488 | | | if (ctx->cur_dest_mail != NULL) { |
Event 16:
Taking true branch. ctx->cur_dest_mail != (void *)0 evaluates to true.
hide
|
|
| 489 | | | index_mail_cache_parse_deinit(ctx->cur_dest_mail, |
| 490 | | | ctx->ctx.received_date, |
| 491 | | | !ctx->failed); |
Event 17:
!ctx->failed evaluates to true.
hide
|
|
| 492 | | | } |
| 493 | | | i_stream_unref(&ctx->input); |
| 494 | | | |
| 495 | | | |
| 496 | | | ctx->file_last->size = _ctx->output->offset; |
| 497 | | | if (ctx->cur_dest_mail == NULL || |
Event 18:
Skipping " if". ctx->cur_dest_mail == (void *)0 evaluates to false.
hide
|
|
| 498 | | | mail_get_virtual_size(ctx->cur_dest_mail, |
| 499 | [+] | | &ctx->file_last->vsize) < 0) |
 |
| 500 | | | ctx->file_last->vsize = (uoff_t)-1; |
| 501 | | | |
| 502 | | | output_errno = _ctx->output->stream_errno; |
| 503 | | | o_stream_destroy(&_ctx->output); |
| 504 | | | |
| 505 | | | if (!ctx->mbox->ibox.fsync_disable && !ctx->failed) { |
Event 20:
Skipping " if". ctx->mbox->ibox.fsync_disable evaluates to true.
hide
|
|
| 506 | | | if (fsync(ctx->fd) < 0) { |
| 507 | | | if (!mail_storage_set_error_from_errno(storage)) { |
| 508 | | | mail_storage_set_critical(storage, |
| 509 | | | "fsync(%s) failed: %m", path); |
| 510 | | | } |
| 511 | | | ctx->failed = TRUE; |
| 512 | | | } |
| 513 | | | } |
| 514 | | | if (close(ctx->fd) < 0) { |
Event 21:
ctx->fd, which evaluates to _ctx[3].dest_mail, is passed to close(). See related event 1.
hide
Negative file descriptor
File descriptor argument ctx->fd has value -1. - close() will fail when called with a negative file descriptor.
The issue can occur if the highlighted code executes. See related events 14 and 21. Show: All events | Only primary events |
|
| |