(/home/sate/Testcases/c/cve/wireshark-1.2.0/epan/prefs.c) |
| |
| 1354 | | | read_prefs_file(const char *pf_path, FILE *pf, pref_set_pair_cb pref_set_pair_fct, void *private_data) |
| 1355 | | | { |
| 1356 | | | enum { START, IN_VAR, PRE_VAL, IN_VAL, IN_SKIP }; |
| 1357 | | | int got_c, state = START; |
| 1358 | | | GString *cur_val; |
| 1359 | | | GString *cur_var; |
| 1360 | | | gboolean got_val = FALSE; |
| 1361 | | | gint fline = 1, pline = 1; |
| 1362 | | | gchar hint[] = "(applying your preferences once should remove this warning)"; |
| 1363 | | | |
| 1364 | | | cur_val = g_string_new(""); |
| 1365 | | | cur_var = g_string_new(""); |
| 1366 | | | |
| 1367 | | | while ((got_c = getc(pf)) != EOF) { |
Event 4:
getc() returns a potentially dangerous value [ ?potentially dangerous: the value cannot be determined and may come from program input]. - Determines the value that is cast in the Cast Alters Value warning later.
hide
Event 5:
Considering the case where getc(pf) is at least -1.
hide
Event 6:
Considering the case where getc(pf) is no more than 255.
hide
Event 7:
got_c is set to getc(pf). See related event 4.
hide
Event 8:
Entering loop body. (got_c = getc(pf)) != -1 evaluates to true.
hide
Event 9:
Considering the case where got_c is not equal to -1 so getc(pf) must have been at least 0. See related events 5 and 7.
hide
|
|
| 1368 | | | if (got_c == '\n') { |
Event 10:
Skipping " if". got_c == 10 evaluates to false.
hide
Event 11:
Considering the case where got_c is not equal to 10 so getc(pf) from prefs.c:1367 must not have been equal to 10. See related event 7.
hide
|
|
| 1369 | | | state = START; |
| 1370 | | | fline++; |
| 1371 | | | continue; |
| 1372 | | | } |
| 1373 | | | |
| 1374 | | | switch (state) { |
Event 12:
state evaluates to 3.
hide
|
|
| 1375 | | | case START: |
| 1376 | | | if (isalnum(got_c)) { |
| 1377 | | | if (cur_var->len > 0) { |
| 1378 | | | if (got_val) { |
| 1379 | | | switch (pref_set_pair_fct(cur_var->str, cur_val->str, private_data)) { |
| 1380 | | | |
| 1381 | | | case PREFS_SET_OK: |
| 1382 | | | break; |
| 1383 | | | |
| 1384 | | | case PREFS_SET_SYNTAX_ERR: |
| 1385 | | | g_warning ("%s line %d: Syntax error %s", pf_path, pline, hint);
x /usr/include/glib-2.0/glib/gmessages.h |
| |
153 | #define g_warning(...) g_log (G_LOG_DOMAIN, \ |
154 | G_LOG_LEVEL_WARNING, \ |
155 | __VA_ARGS__) |
| |
|
| 1386 | | | break; |
| 1387 | | | |
| 1388 | | | case PREFS_SET_NO_SUCH_PREF: |
| 1389 | | | g_warning ("%s line %d: No such preference \"%s\" %s", pf_path,
x /usr/include/glib-2.0/glib/gmessages.h |
| |
153 | #define g_warning(...) g_log (G_LOG_DOMAIN, \ |
154 | G_LOG_LEVEL_WARNING, \ |
155 | __VA_ARGS__) |
| |
|
| 1390 | | | pline, cur_var->str, hint); |
| 1391 | | | break; |
| 1392 | | | |
| 1393 | | | case PREFS_SET_OBSOLETE: |
| 1394 | | | |
| 1395 | | | |
| 1396 | | | |
| 1397 | | | |
| 1398 | | | break; |
| 1399 | | | } |
| 1400 | | | } else { |
| 1401 | | | g_warning ("%s line %d: Incomplete preference %s", pf_path, pline, hint);
x /usr/include/glib-2.0/glib/gmessages.h |
| |
153 | #define g_warning(...) g_log (G_LOG_DOMAIN, \ |
154 | G_LOG_LEVEL_WARNING, \ |
155 | __VA_ARGS__) |
| |
|
| 1402 | | | } |
| 1403 | | | } |
| 1404 | | | state = IN_VAR; |
| 1405 | | | got_val = FALSE; |
| 1406 | | | g_string_truncate(cur_var, 0); |
| 1407 | | | g_string_append_c(cur_var, (gchar) got_c);
x /usr/include/glib-2.0/glib/gstring.h |
| |
156 | #define g_string_append_c(gstr,c) g_string_append_c_inline (gstr, c) |
| |
|
| 1408 | | | pline = fline; |
| 1409 | | | } else if (isspace(got_c) && cur_var->len > 0 && got_val) { |
| 1410 | | | state = PRE_VAL; |
| 1411 | | | } else if (got_c == '#') { |
| 1412 | | | state = IN_SKIP; |
| 1413 | | | } else { |
| 1414 | | | g_warning ("%s line %d: Malformed line %s", pf_path, fline, hint);
x /usr/include/glib-2.0/glib/gmessages.h |
| |
153 | #define g_warning(...) g_log (G_LOG_DOMAIN, \ |
154 | G_LOG_LEVEL_WARNING, \ |
155 | __VA_ARGS__) |
| |
|
| 1415 | | | } |
| 1416 | | | break; |
| 1417 | | | case IN_VAR: |
| 1418 | | | if (got_c != ':') { |
| 1419 | | | g_string_append_c(cur_var, (gchar) got_c);
x /usr/include/glib-2.0/glib/gstring.h |
| |
156 | #define g_string_append_c(gstr,c) g_string_append_c_inline (gstr, c) |
| |
|
| 1420 | | | } else { |
| 1421 | | | state = PRE_VAL; |
| 1422 | | | g_string_truncate(cur_val, 0); |
| 1423 | | | got_val = TRUE; |
| 1424 | | | } |
| 1425 | | | break; |
| 1426 | | | case PRE_VAL: |
| 1427 | | | if (!isspace(got_c)) { |
| 1428 | | | state = IN_VAL; |
| 1429 | | | g_string_append_c(cur_val, (gchar) got_c);
x /usr/include/glib-2.0/glib/gstring.h |
| |
156 | #define g_string_append_c(gstr,c) g_string_append_c_inline (gstr, c) |
| |
|
| 1430 | | | } |
| 1431 | | | break; |
| 1432 | | | case IN_VAL: |
| 1433 | | | g_string_append_c(cur_val, (gchar) got_c);
x /usr/include/glib-2.0/glib/gstring.h |
| |
156 | #define g_string_append_c(gstr,c) g_string_append_c_inline (gstr, c) |
| |
|
Cast Alters Value
got_c is cast from int to char. - got_c could be 128 or higher.
- Values 128 or higher cannot be stored as char. Casting them to char can cause data loss or sign change.
The issue can occur if the highlighted code executes. See related events 6, 7, 9, and 11. Show: All events | Only primary events |
|
| 1434 | | | break; |
| |