(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/list/mailbox-list-fs.c) |
| |
| 138 | | | static const char * |
| 139 | | | fs_list_get_path(struct mailbox_list *_list, const char *name, |
| 140 | | | enum mailbox_list_path_type type) |
| 141 | | | { |
| 142 | | | const struct mailbox_list_settings *set = &_list->set; |
| 143 | | | const char *path; |
| 144 | | | |
| 145 | | | if (name == NULL) { |
Event 1:
Taking true branch. name == (void *)0 evaluates to true.
hide
|
|
| 146 | | | |
| 147 | | | switch (type) { |
Event 2:
type evaluates to 1.
hide
|
|
| 148 | | | case MAILBOX_LIST_PATH_TYPE_DIR: |
| 149 | | | return set->root_dir; |
| 150 | | | case MAILBOX_LIST_PATH_TYPE_MAILBOX: |
| 151 | | | path = t_strconcat(set->root_dir, "/", |
Event 8:
path is set to t_strconcat(...), which evaluates to NULL. See related event 7.
hide
|
|
| 152 | [+] | | set->mailbox_dir_name, NULL); |
 |
| 153 | | | return t_strndup(path, strlen(path)-1); |
Event 9:
path, which evaluates to NULL, is passed to __builtin_strlen(). See related event 8.
hide
Null Pointer Dereference
The body of __builtin_strlen() dereferences path, but it is NULL. The issue can occur if the highlighted code executes. See related event 9. Show: All events | Only primary events |
|
| |