(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c) |
| |
| 1421 | | | static int yy_get_next_buffer (void) |
| 1422 | | | { |
| 1423 | | | register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1424 | | | register char *source = (yytext_ptr); |
| 1425 | | | register int number_to_move, i; |
| 1426 | | | int ret_val; |
| 1427 | | | |
| 1428 | | | if ( (yy_c_buf_p) > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[(yy_n_chars) + 1] )
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
Event 1:
Skipping " if". yy_c_buf_p > &yy_buffer_stack[yy_buffer_stack_top]->yy_ch_buf[yy_n_chars + 1] evaluates to false.
hide
|
|
| 1429 | | | YY_FATAL_ERROR( |
| 1430 | | | "fatal flex scanner internal error--end of buffer missed" ); |
| 1431 | | | |
| 1432 | | | if ( YY_CURRENT_BUFFER_LVALUE->yy_fill_buffer == 0 )
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
Event 2:
Skipping " if". yy_buffer_stack[yy_buffer_stack_top]->yy_fill_buffer == 0 evaluates to false.
hide
|
|
| 1433 | | | { |
| 1434 | | | if ( (yy_c_buf_p) - (yytext_ptr) - YY_MORE_ADJ == 1 ) |
| 1435 | | | { |
| 1436 | | | |
| 1437 | | | |
| 1438 | | | |
| 1439 | | | return EOB_ACT_END_OF_FILE; |
| 1440 | | | } |
| 1441 | | | |
| 1442 | | | else |
| 1443 | | | { |
| 1444 | | | |
| 1445 | | | |
| 1446 | | | |
| 1447 | | | return EOB_ACT_LAST_MATCH; |
| 1448 | | | } |
| 1449 | | | } |
| 1450 | | | |
| 1451 | | | |
| 1452 | | | |
| 1453 | | | |
| 1454 | | | number_to_move = (int) ((yy_c_buf_p) - (yytext_ptr)) - 1; |
| 1455 | | | |
| 1456 | | | for ( i = 0; i < number_to_move; ++i ) |
Event 3:
Leaving loop. i < number_to_move evaluates to false.
hide
|
|
| 1457 | | | *(dest++) = *(source++); |
| 1458 | | | |
| 1459 | | | if ( YY_CURRENT_BUFFER_LVALUE->yy_buffer_status == YY_BUFFER_EOF_PENDING )
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
Event 4:
Taking false branch. yy_buffer_stack[yy_buffer_stack_top]->yy_buffer_status == 2 evaluates to false.
hide
|
|
| 1460 | | | |
| 1461 | | | |
| 1462 | | | |
| 1463 | | | YY_CURRENT_BUFFER_LVALUE->yy_n_chars = (yy_n_chars) = 0;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1464 | | | |
| 1465 | | | else |
| 1466 | | | { |
| 1467 | | | int num_to_read = |
| 1468 | | | YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1469 | | | |
| 1470 | | | while ( num_to_read <= 0 ) |
Event 5:
Leaving loop. num_to_read <= 0 evaluates to false.
hide
|
|
| 1471 | | | { |
| 1472 | | | |
| 1473 | | | |
| 1474 | | | YY_BUFFER_STATE b = YY_CURRENT_BUFFER;
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
289 | #define YY_CURRENT_BUFFER ( (yy_buffer_stack) \ |
290 | ? (yy_buffer_stack)[(yy_buffer_stack_top)] \ |
291 | : NULL) |
| |
|
| 1475 | | | |
| 1476 | | | int yy_c_buf_p_offset = |
| 1477 | | | (int) ((yy_c_buf_p) - b->yy_ch_buf); |
| 1478 | | | |
| 1479 | | | if ( b->yy_is_our_buffer ) |
| 1480 | | | { |
| 1481 1496 |  | | [ Lines 1481 to 1496 omitted. ] |
| 1497 | | | YY_FATAL_ERROR( |
| 1498 | | | "fatal error - scanner input buffer overflow" ); |
| 1499 | | | |
| 1500 | | | (yy_c_buf_p) = &b->yy_ch_buf[yy_c_buf_p_offset]; |
| 1501 | | | |
| 1502 | | | num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size -
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1503 | | | number_to_move - 1; |
| 1504 | | | |
| 1505 | | | } |
| 1506 | | | |
| 1507 | | | if ( num_to_read > YY_READ_BUF_SIZE ) |
Event 6:
Skipping " if". num_to_read > 8192 evaluates to false.
hide
|
|
| 1508 | | | num_to_read = YY_READ_BUF_SIZE; |
| 1509 | | | |
| 1510 | | | |
| 1511 | | | YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]),
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
750 | #define YY_INPUT(buf,result,max_size) \ |
751 | if ( YY_CURRENT_BUFFER_LVALUE->yy_is_interactive ) \ |
752 | { \ |
753 | int c = '*'; \ |
754 | int n; \ |
755 | for ( n = 0; n < max_size && \ |
756 | (c = getc( df_in )) != EOF && c != '\n'; ++n ) \ |
757 | buf[n] = (char) c; \ |
758 | if ( c == '\n' ) \ |
759 | buf[n++] = (char) c; \ |
760 | if ( c == EOF && ferror( df_in ) ) \ |
761 | YY_FATAL_ERROR( "input in flex scanner failed" ); \ |
762 | result = n; \ |
763 | } \ |
764 | else \ |
765 | { \ |
766 | errno=0; \ |
767 | while ( (result = fread(buf, 1, max_size, df_in))==0 && ferror(df_in)) \ |
768 | { \ |
769 | if( errno != EINTR) \ |
770 | { \ |
771 | YY_FATAL_ERROR( "input in flex scanner failed" ); \ |
772 | break; \ |
773 | } \ |
774 | errno=0; \ |
775 | clearerr(df_in); \ |
776 | } \ |
777 | }\ |
778 | \ |
779 | |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
x /usr/include/asm-generic/errno-base.h |
| |
7 | #define EINTR 4 /* Interrupted system call */ |
| |
x /home/sate/Testcases/c/cve/wireshark-1.2.0/epan/dfilter/scanner.c |
| |
296 | #define YY_CURRENT_BUFFER_LVALUE (yy_buffer_stack)[(yy_buffer_stack_top)] |
| |
|
| 1512 | | | (yy_n_chars), (size_t) num_to_read ); |
Event 7:
Taking true branch. yy_buffer_stack[yy_buffer_stack_top]->yy_is_interactive evaluates to true.
hide
Event 9:
getc() returns a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - Determines the value that is cast in the Cast Alters Value warning later.
hide
Event 10:
Considering the case where getc(df_in) is at least -1.
hide
Event 11:
Considering the case where getc(df_in) is no more than 255.
hide
Event 12:
c is set to getc(df_in). See related event 9.
hide
Event 13:
Considering the case where c is not equal to -1 so getc(df_in) must have been at least 0. See related events 10 and 12.
hide
Event 14:
Considering the case where c is not equal to 10 so getc(df_in) must not have been equal to 10. See related event 12.
hide
Cast Alters Value
c is cast from int to char. - c could be 128 or higher.
- c evaluates to getc(df_in).
- Values 128 or higher cannot be stored as char. Casting them to char can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related events 11, 12, 13, and 14. Show: All events | Only primary events |
|
| |