(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/index-transaction.c) |
| |
| 60 | | | struct mailbox_transaction_context * |
| 61 | | | index_transaction_begin(struct mailbox *box, |
| 62 | | | enum mailbox_transaction_flags flags) |
| 63 | | | { |
| 64 | | | struct index_mailbox *ibox = (struct index_mailbox *)box; |
| 65 | | | struct mail_index_transaction *t; |
| 66 | | | struct index_transaction_context *it; |
| 67 | | | enum mail_index_transaction_flags trans_flags; |
| 68 | | | |
| 69 | | | if (!box->opened) |
Event 1:
Skipping " if". box->opened evaluates to true.
|
|
| 70 | | | index_storage_mailbox_open(ibox); |
| 71 | | | |
| 72 | | | trans_flags = MAIL_INDEX_TRANSACTION_FLAG_AVOID_FLAG_UPDATES; |
| 73 | | | if ((flags & MAILBOX_TRANSACTION_FLAG_HIDE) != 0) |
Event 2:
Skipping " if". (flags & MAILBOX_TRANSACTION_FLAG_HIDE) != 0 evaluates to false.
|
|
| 74 | | | trans_flags |= MAIL_INDEX_TRANSACTION_FLAG_HIDE; |
| 75 | | | if ((flags & MAILBOX_TRANSACTION_FLAG_EXTERNAL) != 0) |
Event 3:
Skipping " if". (flags & MAILBOX_TRANSACTION_FLAG_EXTERNAL) != 0 evaluates to false.
|
|
| 76 | | | trans_flags |= MAIL_INDEX_TRANSACTION_FLAG_EXTERNAL; |
| 77 | | | if ((flags & MAILBOX_TRANSACTION_FLAG_REFRESH) != 0) |
Event 4:
Skipping " if". (flags & MAILBOX_TRANSACTION_FLAG_REFRESH) != 0 evaluates to false.
|
|
| 78 | | | (void)mail_index_refresh(ibox->index); |
| 79 | [+] | | t = mail_index_transaction_begin(ibox->view, trans_flags); |
Event 5:
The resource of interest is allocated inside mail_index_transaction_begin().
|
|
 |
| 80 | | | |
| 81 | [+] | | it = MAIL_STORAGE_CONTEXT(t);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/mail-storage-private.h |
| |
380 | #define MAIL_STORAGE_CONTEXT(obj) \ |
381 | MODULE_CONTEXT(obj, mail_storage_mail_index_module) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
46 | #define MODULE_CONTEXT(obj, id_ctx) \ |
47 | (*((void **)array_idx_modifiable(&(obj)->module_contexts, \ |
48 | (id_ctx).id.module_id) + \ |
49 | OBJ_REGISTER_COMPATIBLE(obj, id_ctx))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
179 | #define array_idx_modifiable(array, idx) \ |
180 | ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
181 | array_idx_modifiable_i(&(array)->arr, idx) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
45 | # define ARRAY_TYPE_CAST_MODIFIABLE(array) \ |
46 | (typeof(*(array)->v_modifiable)) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/module-context.h |
| |
43 | #define OBJ_REGISTER_COMPATIBLE(obj, id_ctx) \ |
44 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(OBJ_REGISTER(obj), (id_ctx).reg) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
Event 26:
The resource of interest is passed to array_idx_modifiable_i() as the first argument.
- array_idx_modifiable_i() does not free it or save any references that are freed later.
- &t->module_contexts, which evaluates to malloc(size) + 628 from imem.c:9, is passed to array_idx_modifiable_i() as the first argument.
See related event 25.
|
|
 |
| 82 | | | if (it == NULL) { |
Event 30:
Skipping " if". it == (void *)0 evaluates to false.
|
|
| 83 | | | i_panic("mail storage transaction context mising for type %s", |
| 84 | | | box->storage->name); |
| 85 | | | } |
| 86 | | | it->flags = flags; |
| 87 | | | return &it->mailbox_ctx; |
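Leak
There are no remaining references to the resource malloc(size) from imem.c:9. The issue can occur if the highlighted code executes. See related events 5, 6, 7, 8, 10, 11, 12, 16, 17, 18, 19, 20, 21, 23, 24, 25, 26, 27, 29, and 31.
Triage note: the pointer returned on line 87 is derived from `it`, which line 81 reads out of t->module_contexts, that is, from inside the allocation made on line 79 (see event 26). This listing does not show whether `it` keeps a pointer back to `t`, so confirm that, and where the transaction is later released, before treating the finding as a true leak rather than a false positive.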
|
| |