(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/maildir/maildir-sync-index.c) |
| |
| 616 | | | int maildir_list_index_has_changed(struct mailbox *box, |
| 617 | | | struct mail_index_view *list_view, |
| 618 | | | uint32_t seq) |
| 619 | | | { |
| 620 | | | struct maildir_mailbox *mbox = (struct maildir_mailbox *)box; |
| 621 | | | const struct maildir_list_index_record *rec; |
| 622 | | | const void *data; |
| 623 | | | const char *root_dir, *new_dir, *cur_dir; |
| 624 | | | struct stat st; |
| 625 | | | uint32_t ext_id; |
| 626 | | | bool expunged; |
| 627 | | | |
| 628 | | | ext_id = maildir_list_get_ext_id(mbox->storage, list_view); |
| 629 | [+] | | mail_index_lookup_ext(list_view, seq, ext_id, &data, &expunged); |
 |
| 630 | | | rec = data; |
| 631 | | | |
| 632 | | | if (rec == NULL || expunged || |
Event 2:
Skipping " if". - rec == (void *)0 evaluates to false.
- expunged evaluates to false.
- rec->new_mtime == 0 evaluates to false.
- rec->cur_mtime == 0 evaluates to false.
hide
|
|
| 633 | | | rec->new_mtime == 0 || rec->cur_mtime == 0) { |
| 634 | | | |
| 635 | | | return 1; |
| 636 | | | } |
| 637 | | | |
| 638 | | | root_dir = mailbox_list_get_path(mail_storage_get_list(box->storage), |
| 639 | | | box->name, |
| 640 | | | MAILBOX_LIST_PATH_TYPE_MAILBOX); |
| 641 | | | |
| 642 | | | |
| 643 | [+] | | new_dir = t_strconcat(root_dir, "/new", NULL); |
 |
| 644 | | | if (stat(new_dir, &st) < 0) { |
Event 9:
new_dir, which evaluates to NULL, is passed to stat64() as the first argument. See related event 8.
hide
Null Pointer Dereference
The body of stat64() dereferences new_dir, but it is NULL. The issue can occur if the highlighted code executes. See related event 9. Show: All events | Only primary events |
|
| |