(/home/sate/Testcases/c/cve/wireshark-1.2.0/tools/lemon/lemon.c) |
| |
| 2539 | | | void Parse(struct lemon *gp) |
| 2540 | | | { |
| 2541 | | | struct pstate ps; |
| 2542 | | | FILE *fp; |
| 2543 | | | char *filebuf; |
| 2544 | | | long filesize; |
| 2545 | | | int lineno; |
| 2546 | | | char c; |
| 2547 | | | char *cp, *nextcp; |
| 2548 | | | int startline = 0; |
| 2549 | | | |
| 2550 | | | memset(&ps, '\0', sizeof(ps)); |
| 2551 | | | ps.gp = gp; |
| 2552 | | | ps.filename = gp->filename; |
| 2553 | | | ps.errorcnt = 0; |
| 2554 | | | ps.state = INITIALIZE; |
| 2555 | | | ps.prevrule = NULL; |
| 2556 | | | ps.preccounter = 0; |
| 2557 | | | ps.lastrule = NULL; |
| 2558 | | | ps.firstrule = NULL; |
| 2559 | | | ps.lhs = NULL; |
| 2560 | | | ps.nrhs = 0; |
| 2561 | | | ps.lhsalias = NULL; |
| 2562 | | | ps.declkeyword = NULL; |
| 2563 | | | ps.declargslot = NULL; |
| 2564 | | | ps.declassoc = UNK; |
| 2565 | | | ps.fallback = NULL; |
| 2566 | | | |
| 2567 | | | |
| 2568 | | | fp = fopen(ps.filename,"rb"); |
| 2569 | | | if( fp==0 ){ |
Event 1:
Skipping " if". fp == 0 evaluates to false.
|
|
| 2570 | | | ErrorMsg(ps.filename,0,"Can't open this file for reading."); |
| 2571 | | | gp->errorcnt++; |
| 2572 | | | return; |
| 2573 | | | } |
| 2574 | | | fseek(fp,0,2); |
| 2575 | | | filesize = ftell(fp); |
Event 2:
ftell() returns a potentially dangerous value (potentially dangerous: the value cannot be determined and may come from program input).
- Determines the size in the Unreasonable Size Argument warning later.
Event 3:
Considering the case where ftell(fp) is equal to -1.
Event 4:
filesize is set to ftell(fp). See related event 2.
|
|
| 2576 | | | rewind(fp); |
| 2577 | | | |
| 2578 | | | filebuf = (char *)malloc( filesize+1 ); |
| 2579 | | | if( filebuf==0 ){ |
Event 5:
Skipping " if". filebuf == 0 evaluates to false.
|
|
| 2580 | | | ErrorMsg(ps.filename,0,"Can't allocate %ld of memory to hold this file.", |
| 2581 | | | filesize+1); |
| 2582 | | | gp->errorcnt++; |
| 2583 | | | return; |
| 2584 | | | } |
| 2585 | | | if( fread(filebuf,1,filesize,fp)!=(size_t)filesize ){ |
Event 6:
filesize, which evaluates to ftell(fp) from lemon.c:2575, is passed to fread() as the third argument. See related event 4.
Unreasonable Size Argument
The size argument to fread() has an unreasonable value.
- The size argument is filesize, which evaluates to ftell(fp) from lemon.c:2575.
- One or more of the possible values of filesize are unreasonable.
- A size argument is considered unreasonable if it is negative or very large.
The issue can occur if the highlighted code executes. See related events 3 and 6.
|
| |