(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/master/dict-process.c) |
| |
| 38 | | | static int dict_process_create(struct dict_listener *listener) |
| 39 | | | { |
| 40 | | | struct dict_process *process; |
| 41 | | | struct log_io *log; |
| 42 | | | const char *executable, *const *dicts; |
| 43 | | | unsigned int i, count; |
| 44 | | | int log_fd; |
| 45 | | | pid_t pid; |
| 46 | | | |
| 47 | | | process = i_new(struct dict_process, 1);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/imem.h |
| |
8 | #define i_new(type, count) ((type *) i_malloc(sizeof(type) * (count))) |
| |
|
| 48 | | | process->process.type = PROCESS_TYPE_DICT; |
| 49 | | | process->listener = listener; |
| 50 | | | |
| 51 | [+] | | log_fd = log_create_pipe(&log, 0); |
 |
| 52 | | | if (log_fd < 0) |
Event 4:
Taking true branch. log_fd < 0 evaluates to true.
hide
|
|
| 53 | | | pid = -1; |
| 54 | | | else { |
| 55 | | | pid = fork(); |
| 56 | | | if (pid < 0) |
| 57 | | | i_error("fork() failed: %m"); |
| 58 | | | } |
| 59 | | | |
| 60 | | | if (pid < 0) { |
Event 5:
Taking true branch. pid < 0 evaluates to true.
hide
|
|
| 61 | | | (void)close(log_fd); |
Event 6:
log_fd, which evaluates to -1, is passed to close(). See related event 3.
hide
Negative file descriptor
File descriptor argument log_fd has value -1. - close() will fail when called with a negative file descriptor.
The issue can occur if the highlighted code executes. See related event 6. Show: All events | Only primary events |
|
| |