(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-index/mail-index-fsck.c) |
| |
| 258 | | | mail_index_fsck_extensions(struct mail_index *index, struct mail_index_map *map, |
| 259 | | | struct *hdr) |
| 260 | | | { |
| 261 | | | const struct *ext_hdr; |
| 262 | | | ARRAY_TYPE(const_string) names; |
| 263 | | | const char *name, *error; |
| 264 | | | unsigned int offset, next_offset, i; |
| 265 | | | |
| 266 | | | t_array_init(&names, 64);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
39 | #define t_array_init(array, init_count) \ |
40 | p_array_init(array, pool_datastack_create(), init_count) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
35 | #define p_array_init(array, pool, init_count) \ |
36 | array_create(array, pool, sizeof(**(array)->v), init_count) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
75 | #define array_create(array, pool, element_size, init_count) \ |
76 | array_create_i(&(array)->arr, pool, element_size, init_count) |
| |
|
| 267 | | | offset = (hdr->); |
| 268 | | | for (i = 0; offset < hdr->; i++) { |
Event 1:
Entering loop body. offset < hdr-> evaluates to true.
hide
|
|
| 269 | | | |
| 270 | | | |
| 271 | | | map->hdr = *hdr; |
| 272 | | | |
| 273 | | | next_offset = offset; |
| 274 | | | if (mail_index_map_ext_get_next(map, &next_offset, |
| 275 | [+] | | &ext_hdr, &name) < 0) { |
 |
| 276 | | | |
| 277 | | | mail_index_fsck_error(index, |
| 278 | | | "Dropped extension #%d (%s) " |
| 279 | | | "with invalid size", |
| 280 | | | i, name); |
| 281 | | | hdr-> = offset; |
| 282 | | | break; |
| 283 | | | } |
| 284 | | | if (mail_index_map_ext_hdr_check(hdr, ext_hdr, name, |
| 285 | | | &error) < 0) { |
Event 7:
Taking true branch. mail_index_map_ext_hdr_check(...) < 0 evaluates to true.
hide
|
|
| 286 | | | mail_index_fsck_error(index, |
| 287 | | | "Dropped broken extension #%d (%s)", i, name); |
| 288 | | | } else if (array_has_name(&names, name)) { |
| 289 | | | mail_index_fsck_error(index, |
| 290 | | | "Dropped duplicate extension %s", name); |
| 291 | | | } else { |
| 292 | | | |
| 293 | | | name = t_strdup(name); |
| 294 | | | |
| 295 | | | if (strcmp(name, MAIL_INDEX_EXT_KEYWORDS) == 0) { |
| 296 | | | mail_index_fsck_keywords(index, map, hdr, |
| 297 | | | ext_hdr, offset, |
| 298 | | | &next_offset); |
| 299 | | | } |
| 300 | | | array_append(&names, &name, 1);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
116 | #define array_append(array, data, count) \ |
117 | array_append_i(&(array)->arr + ARRAY_TYPE_CHECK(array, data), \ |
118 | data, count) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
47 | # define ARRAY_TYPE_CHECK(array, data) \ |
48 | COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE( \ |
49 | **(array)->v_modifiable, *data) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
158 | # define COMPILE_ERROR_IF_TYPES_NOT_COMPATIBLE(_a, _b) \ |
159 | COMPILE_ERROR_IF_TRUE( \ |
160 | !__builtin_types_compatible_p(typeof(_a), typeof(_b))) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
156 | # define COMPILE_ERROR_IF_TRUE(condition) \ |
157 | (sizeof(char[1 - 2 * !!(condition)]) - 1) |
| |
|
| 301 | | | offset = next_offset; |
| 302 | | | continue; |
| 303 | | | } |
| 304 | | | |
| 305 | | | |
| 306 | | | hdr-> -= next_offset - offset; |
| 307 | | | buffer_copy(map->hdr_copy_buf, offset, |
| 308 | [+] | | map->hdr_copy_buf, next_offset, (size_t)-1); |
Event 8:
-1 is passed to buffer_copy() as the fifth argument. - Determines the size in the Unreasonable Size Argument warning later.
hide
|
|
 |
| |