(/home/sate/Testcases/c/cve/wireshark-1.2.0/tools/lemon/lemon.c) |
| |
| 2539 | | | void Parse(struct lemon *gp) |
| 2540 | | | { |
| 2541 | | | struct pstate ps; |
| 2542 | | | FILE *fp; |
| 2543 | | | char *filebuf; |
| 2544 | | | long filesize; |
| 2545 | | | int lineno; |
| 2546 | | | char c; |
| 2547 | | | char *cp, *nextcp; |
| 2548 | | | int startline = 0; |
| 2549 | | | |
| 2550 | | | memset(&ps, '\0', sizeof(ps)); |
| 2551 | | | ps.gp = gp; |
| 2552 | | | ps.filename = gp->filename; |
| 2553 | | | ps.errorcnt = 0; |
| 2554 | | | ps.state = INITIALIZE; |
| 2555 | | | ps.prevrule = NULL; |
| 2556 | | | ps.preccounter = 0; |
| 2557 | | | ps.lastrule = NULL; |
| 2558 | | | ps.firstrule = NULL; |
| 2559 | | | ps.lhs = NULL; |
| 2560 | | | ps.nrhs = 0; |
| 2561 | | | ps.lhsalias = NULL; |
| 2562 | | | ps.declkeyword = NULL; |
| 2563 | | | ps.declargslot = NULL; |
| 2564 | | | ps.declassoc = UNK; |
| 2565 | | | ps.fallback = NULL; |
| 2566 | | | |
| 2567 | | | |
| 2568 | | | fp = fopen(ps.filename,"rb"); |
| 2569 | | | if( fp==0 ){ |
Event 1:
Skipping " if". fp == 0 evaluates to false.
hide
|
|
| 2570 | | | ErrorMsg(ps.filename,0,"Can't open this file for reading."); |
| 2571 | | | gp->errorcnt++; |
| 2572 | | | return; |
| 2573 | | | } |
| 2574 | | | fseek(fp,0,2); |
| 2575 | | | filesize = ftell(fp); |
| 2576 | | | rewind(fp); |
| 2577 | | | |
| 2578 | | | filebuf = (char *)malloc( filesize+1 ); |
Event 3:
filebuf is set to malloc(filesize + 1). See related event 2.
hide
|
|
| 2579 | | | if( filebuf==0 ){ |
Event 4:
Skipping " if". filebuf == 0 evaluates to false.
hide
|
|
| 2580 | | | ErrorMsg(ps.filename,0,"Can't allocate %ld of memory to hold this file.", |
| 2581 | | | filesize+1); |
| 2582 | | | gp->errorcnt++; |
| 2583 | | | return; |
| 2584 | | | } |
| 2585 | | | if( fread(filebuf,1,filesize,fp)!=(size_t)filesize ){ |
Event 5:
filebuf, which evaluates to malloc(filesize + 1) from lemon.c:2578, is passed to fread() as the first argument. See related event 3.
hide
Event 6:
Inside fread(), *filebuf is set to a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input], where filebuf is malloc(filesize + 1) from lemon.c:2578. - Determines the value that is cast in the Cast Alters Value warning later.
See related event 5.
hide
Event 7:
Skipping " if". fread(...) != (size_t)filesize evaluates to false.
hide
|
|
| 2586 | | | ErrorMsg(ps.filename,0,"Can't read in all %ld bytes of this file.", |
| 2587 | | | filesize); |
| 2588 | | | free(filebuf); |
| 2589 | | | gp->errorcnt++; |
| 2590 | | | return; |
| 2591 | | | } |
| 2592 | | | fclose(fp); |
| 2593 | | | filebuf[filesize] = 0; |
| 2594 | | | |
| 2595 | | | |
| 2596 | | | preprocess_input(filebuf); |
| 2597 | | | |
| 2598 | | | |
| 2599 | | | lineno = 1; |
| 2600 | | | for(cp=filebuf; (c= *cp)!=0; ){ |
Event 8:
cp is set to filebuf, which evaluates to malloc(filesize + 1) from lemon.c:2578. See related event 3.
hide
Event 9:
c is set to *cp, which evaluates to the value assigned to *filebuf at lemon.c:2585. See related events 6 and 8.
hide
Event 10:
Entering loop body. (c = *cp) != 0 evaluates to true.
hide
|
|
| 2601 | | | if( c=='\n' ) lineno++; |
Event 11:
Skipping " if". c == 10 evaluates to false.
hide
|
|
| 2602 | | | if( safe_isspace(c) ){ cp++; continue; } |
Cast Alters Value
c is cast from char to unsigned char. - c could be -1 or lower.
- c evaluates to the value assigned to *filebuf at lemon.c:2585.
- Negative values cannot be stored as unsigned char. Casting them to unsigned char can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related event 9. Show: All events | Only primary events |
|
| |