(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-index/mail-transaction-log-file.c) |
| |
| 1467 | | | int mail_transaction_log_file_map(struct mail_transaction_log_file *file, |
| 1468 | | | uoff_t start_offset, uoff_t end_offset) |
| 1469 | | | { |
| 1470 | | | struct mail_index *index = file->log->index; |
| 1471 | | | size_t size; |
| 1472 | | | int ret; |
| 1473 | | | |
| 1474 | | | if (file->hdr.indexid == 0) { |
Event 1:
Skipping " if". file->hdr.indexid == 0 evaluates to false.
hide
|
|
| 1475 | | | |
| 1476 | | | return 0; |
| 1477 | | | } |
| 1478 | | | |
| 1479 | | | i_assert(start_offset >= file->hdr.hdr_size);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
Event 2:
Skipping " if". start_offset >= file->hdr.hdr_size evaluates to true.
hide
Event 3:
Skipping " if". !(start_offset >= file->hdr.hdr_size) evaluates to false.
hide
Event 4:
Skipping " if". !!(start_offset >= file->hdr.hdr_size) evaluates to true.
hide
Event 5:
Skipping " if". !!!(start_offset >= file->hdr.hdr_size) evaluates to false.
hide
Event 6:
Skipping " if". __builtin_expect(...) evaluates to false.
hide
|
|
| 1480 | | | i_assert(start_offset <= end_offset);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
Event 7:
Skipping " if". start_offset <= end_offset evaluates to true.
hide
Event 8:
Skipping " if". !(start_offset <= end_offset) evaluates to false.
hide
Event 9:
Skipping " if". !!(start_offset <= end_offset) evaluates to true.
hide
Event 10:
Skipping " if". !!!(start_offset <= end_offset) evaluates to false.
hide
Event 11:
Skipping " if". __builtin_expect(...) evaluates to false.
hide
|
|
| 1481 | | | |
| 1482 | | | if (index->log_locked && file == file->log->head && |
Event 12:
Skipping " if". index->log_locked evaluates to false.
hide
|
|
| 1483 | | | end_offset == (uoff_t)-1) { |
| 1484 | | | |
| 1485 | | | if (log_file_map_check_offsets(file, start_offset, |
| 1486 | | | end_offset) == 0) |
| 1487 | | | return 0; |
| 1488 | | | i_assert(start_offset <= file->sync_offset);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
| 1489 | | | end_offset = file->sync_offset; |
| 1490 | | | } |
| 1491 | | | |
| 1492 | | | if (file->buffer != NULL && file->buffer_offset <= start_offset) { |
Event 13:
Skipping " if". file->buffer != (void *)0 evaluates to false.
hide
Event 14:
Considering the case where file->buffer must have been equal to 0.
hide
|
|
| 1493 | | | |
| 1494 | | | size = buffer_get_used_size(file->buffer); |
| 1495 | | | if (file->buffer_offset + size >= end_offset) |
| 1496 | | | return 1; |
| 1497 | | | } |
| 1498 | | | |
| 1499 | | | if (MAIL_TRANSACTION_LOG_FILE_IN_MEMORY(file)) { |
Event 15:
Skipping " if". file->fd == -1 evaluates to false.
hide
|
|
| 1500 | | | if (start_offset < file->buffer_offset) { |
| 1501 | | | |
| 1502 | | | |
| 1503 | | | mail_index_set_error(index, |
| 1504 | | | "%s: Beginning of the log isn't available", |
| 1505 | | | file->filepath); |
| 1506 | | | return 0; |
| 1507 | | | } |
| 1508 | | | return log_file_map_check_offsets(file, start_offset, |
| 1509 | | | end_offset); |
| 1510 | | | } |
| 1511 | | | |
| 1512 | | | if (start_offset > file->sync_offset) |
Event 16:
Skipping " if". start_offset > file->sync_offset evaluates to false.
hide
|
|
| 1513 | | | mail_transaction_log_file_skip_to_head(file); |
| 1514 | | | if (start_offset > file->sync_offset) { |
Event 17:
Skipping " if". start_offset > file->sync_offset evaluates to false.
hide
|
|
| 1515 | | | |
| 1516 | | | |
| 1517 | | | |
| 1518 | | | start_offset = file->sync_offset; |
| 1519 | | | } |
| 1520 | | | |
| 1521 | | | if (!index->mmap_disable) |
Event 18:
Taking false branch. index->mmap_disable evaluates to true.
hide
|
|
| 1522 | | | ret = mail_transaction_log_file_map_mmap(file, start_offset); |
| 1523 | | | else { |
| 1524 | [+] | | mail_transaction_log_file_munmap(file); |
Event 19:
file is passed to mail_transaction_log_file_munmap(). - Dereferenced later, causing the null pointer dereference.
hide
|
|
 |
| |