(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/index-mail.c) |
| |
| 385 | | | int index_mail_get_virtual_size(struct mail *_mail, uoff_t *size_r) |
| 386 | | | { |
| 387 | | | struct index_mail *mail = (struct index_mail *)_mail; |
Event 1:
mail is set to _mail. - Dereferenced later, causing the null pointer dereference.
hide
|
|
| 388 | | | struct index_mail_data *data = &mail->data; |
Event 2:
data is set to &mail->data, which evaluates to &_mail[7].transaction. See related event 1.
hide
|
|
| 389 | | | struct message_size hdr_size, body_size; |
| 390 | | | struct istream *input; |
| 391 | | | uoff_t old_offset; |
| 392 | | | |
| 393 | [+] | | if (index_mail_get_cached_virtual_size(mail, size_r)) |
 |
| 394 | | | return 0; |
| 395 | | | |
| 396 | | | old_offset = data->stream == NULL ? 0 : data->stream->v_offset; |
Event 7:
data->stream == (void *)0 evaluates to true.
hide
Event 8:
Considering the case where data->stream is equal to 0 so _mail[11].lookup_abort must have been equal to 0. See related event 2.
hide
|
|
| 397 | [+] | | if (mail_get_stream(_mail, &hdr_size, &body_size, &input) < 0) |
 |
| 398 | | | return -1; |
| 399 | [+] | | i_stream_seek(data->stream, old_offset); |
Event 11:
data->stream, which evaluates to _mail[11].lookup_abort, is passed to i_stream_seek() as the first argument. See related event 2.
hide
|
|
 |
| |