(/home/sate/Testcases/c/cve/wireshark-1.2.0/plugins/wimaxasncp/wimaxasncp_dict.c) |
| |
| 1874 | | | static int yy_get_next_buffer (void) |
| 1875 | | | { |
| 1876 | | | register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; |
| 1877 | | | register char *source = (yytext_ptr); |
| 1878 | | | register int number_to_move, i; |
| 1879 | | | int ret_val; |
| 1880 | | | |
| 1881 | | | if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] ) |
Event 1:
Skipping " if". yy_c_buf_p > &yy_buffer_stack[yy_buffer_stack_top]->yy_ch_buf[yy_n_chars + 1] evaluates to false.
hide
|
|
| 1882 | | | YY_FATAL_ERROR( |
| 1883 | | | "fatal flex scanner internal error--end of buffer missed" ); |
| 1884 | | | |
| 1885 | | | if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 ) |
Event 2:
Skipping " if". yy_buffer_stack[yy_buffer_stack_top]->yy_fill_buffer == 0 evaluates to false.
hide
|
|
| 1886 | | | { |
| 1887 | | | if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) |
| 1888 | | | { |
| 1889 | | | |
| 1890 | | | |
| 1891 | | | |
| 1892 | | | return EOB_ACT_END_OF_FILE; |
| 1893 | | | } |
| 1894 | | | |
| 1895 | | | else |
| 1896 | | | { |
| 1897 | | | |
| 1898 | | | |
| 1899 | | | |
| 1900 | | | return EOB_ACT_LAST_MATCH; |
| 1901 | | | } |
| 1902 | | | } |
| 1903 | | | |
| 1904 | | | |
| 1905 | | | |
| 1906 | | | |
| 1907 | | | number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; |
| 1908 | | | |
| 1909 | | | for ( i = 0; i < number_to_move; ++i ) |
Event 3:
Leaving loop. i < number_to_move evaluates to false.
hide
|
|
| 1910 | | | *(dest++) = *(source++); |
| 1911 | | | |
| 1912 | | | if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING ) |
Event 4:
Taking false branch. yy_buffer_stack[yy_buffer_stack_top]->yy_buffer_status == 2 evaluates to false.
hide
|
|
| 1913 | | | |
| 1914 | | | |
| 1915 | | | |
| 1916 | | | YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0; |
| 1917 | | | |
| 1918 | | | else |
| 1919 | | | { |
| 1920 | | | int num_to_read = |
| 1921 | | | YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; |
| 1922 | | | |
| 1923 | | | while ( num_to_read <= 0 ) |
Event 5:
Entering loop body. num_to_read <= 0 evaluates to true.
hide
|
|
| 1924 | | | { |
| 1925 | | | |
| 1926 | | | |
| 1927 | | | YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/plugins/wimaxasncp/wimaxasncp_dict.c |
| |
289 | #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ |
290 | ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ |
291 | : NULL) |
| |
|
Event 6:
yy_buffer_stack evaluates to true.
hide
Event 7:
b is set to yy_buffer_stack ? yy_buffer_stack[yy_buffer_stack_top] : (void *)0. - Determines the allocation size later.
hide
|
|
| 1928 | | | |
| 1929 | | | int yy_c_buf_p_offset = |
| 1930 | | | (int) ((yy_c_buf_p) - b->yy_ch_buf); |
| 1931 | | | |
| 1932 | | | if ( b->yy_is_our_buffer ) |
Event 8:
Taking true branch. b->yy_is_our_buffer evaluates to true.
hide
|
|
| 1933 | | | { |
| 1934 | | | int new_size = b->yy_buf_size * 2; |
| 1935 | | | |
| 1936 | | | if ( new_size <= 0 ) |
Event 9:
Taking false branch. new_size <= 0 evaluates to false.
hide
|
|
| 1937 | | | b->yy_buf_size += b->yy_buf_size / 8; |
| 1938 | | | else |
| 1939 | | | b->yy_buf_size *= 2; |
Event 10:
b->yy_buf_size is set to 2 * b->yy_buf_size, which evaluates to (yy_buffer_stack ? yy_buffer_stack[yy_buffer_stack_top] : (void *)0)->yy_buf_size at wimaxasncp_dict.c:1927, times 2, where b is yy_buffer_stack ? yy_buffer_stack[yy_buffer_stack_top] : (void *)0 from wimaxasncp_dict.c:1927. - This multiplication may overflow and it is used as the allocation size later.
See related event 7.
hide
|
|
| 1940 | | | |
| 1941 | | | b->yy_ch_buf = (char *) |
| 1942 | | | |
| 1943 | [+] | | WimaxasncpDictrealloc((void *) b->yy_ch_buf,b->yy_buf_size + 2 ); |
Event 11:
b->yy_buf_size + 2, which evaluates to (yy_buffer_stack ? yy_buffer_stack[yy_buffer_stack_top] : (void *)0)->yy_buf_size at wimaxasncp_dict.c:1927, times 2, plus 2, is passed to WimaxasncpDictrealloc() as the second argument. See related events 7 and 10.
hide
|
|
 |
| |