(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-storage/index/mbox/mbox-sync-update.c) |
| |
| 29 | | | void mbox_sync_move_buffer(struct mbox_sync_mail_context *ctx, |
| 30 | | | size_t pos, size_t need, size_t have) |
| 31 | | | { |
| 32 | | | ssize_t diff = (ssize_t)need - (ssize_t)have; |
| 33 | | | int i; |
| 34 | | | |
| 35 | | | i_assert(have < SSIZE_T_MAX);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
Event 1:
Skipping " if". have < 2147483647 evaluates to true.
hide
Event 2:
Skipping " if". !(have < 2147483647) evaluates to false.
hide
Event 3:
Skipping " if". !!(have < 2147483647) evaluates to true.
hide
Event 4:
Skipping " if". !!!(have < 2147483647) evaluates to false.
hide
Event 5:
Skipping " if". __builtin_expect(...) evaluates to false.
hide
|
|
| 36 | | | |
| 37 | | | if (diff == 0) { |
Event 6:
Taking false branch. diff == 0 evaluates to false.
hide
|
|
| 38 | | | if (ctx-> < pos + have || |
| 39 | | | ctx-> == (size_t)-1) |
| 40 | | | ctx-> = pos + have; |
| 41 | | | } else { |
| 42 | | | |
| 43 | | | |
| 44 | | | |
| 45 | | | |
| 46 | | | ctx-> = (size_t)-1; |
| 47 | | | for (i = 0; i < MBOX_HDR_COUNT; i++) { |
| 48 | | | if (ctx->hdr_pos[i] > pos && |
| 49 | | | ctx->hdr_pos[i] != (size_t)-1) |
| 50 | | | ctx->hdr_pos[i] += diff; |
| 51 | | | } |
| 52 | | | |
| 53 | | | if (ctx->mail.space > 0) { |
Event 8:
Skipping " if". ctx->mail.space > 0 evaluates to false.
hide
|
|
| 54 | | | i_assert(ctx->mail.offset + ctx->mail.space <=
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
| 55 | | | ctx->hdr_offset + pos || |
| 56 | | | ctx->mail.offset > ctx->hdr_offset + pos + have); |
| 57 | | | if (ctx->mail.offset > ctx->hdr_offset + pos) { |
| 58 | | | |
| 59 | | | ctx->mail.offset += diff; |
| 60 | | | } |
| 61 | | | } |
| 62 | | | |
| 63 | | | if (diff < 0) |
Event 9:
Taking false branch. diff < 0 evaluates to false.
hide
|
|
| 64 | | | str_delete(ctx->, pos, -diff); |
| 65 | | | else { |
| 66 | | | ctx-> = (size_t)-1; |
| 67 | | | buffer_copy(ctx->, pos + diff, |
| 68 | [+] | | ctx->, pos, (size_t)-1); |
Event 10:
-1 is passed to buffer_copy() as the fifth argument. - Determines the size in the Unreasonable Size Argument warning later.
hide
|
|
 |
| |