(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-index/mail-index-map.c) |
| |
| 1170 | | | void mail_index_map_move_to_memory(struct mail_index_map *map) |
| 1171 | | | { |
| 1172 | | | struct mail_index_record_map *new_map; |
| 1173 | | | |
| 1174 | | | if (map->rec_map->mmap_base == NULL) |
Event 1:
Skipping " if". map->rec_map->mmap_base == (void *)0 evaluates to false.
hide
|
|
| 1175 | | | return; |
| 1176 | | | |
| 1177 | | | i_assert(map->rec_map->lock_id != 0);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
Event 2:
Skipping " if". map->rec_map->lock_id != 0 evaluates to true.
hide
Event 3:
Skipping " if". !(map->rec_map->lock_id != 0) evaluates to false.
hide
Event 4:
Skipping " if". !!(map->rec_map->lock_id != 0) evaluates to true.
hide
Event 5:
Skipping " if". !!!(map->rec_map->lock_id != 0) evaluates to false.
hide
Event 6:
Skipping " if". __builtin_expect(...) evaluates to false.
hide
|
|
| 1178 | | | |
| 1179 | | | if (array_count(&map->rec_map->maps) == 1) |
Event 7:
Taking false branch. array_count_i(...) == 1 evaluates to false.
hide
|
|
| 1180 | | | new_map = map->rec_map; |
| 1181 | | | else { |
| 1182 | | | new_map = mail_index_record_map_alloc(map); |
Event 9:
new_map is set to mail_index_record_map_alloc(...). See related event 8.
hide
|
|
| 1183 | | | new_map->modseq = map->rec_map->modseq == NULL ? NULL : |
Event 10:
map->rec_map->modseq == (void *)0 evaluates to false.
hide
Event 28:
new_map->modseq now references the resource of interest, where new_map is mail_index_record_map_alloc(...) from mail-index-map.c:1182. - new_map->modseq is set to map->rec_map->modseq == (void *)0 ? (void *)0 : mail_index_map_modseq_clone(...), which evaluates to malloc(size) from imem.c:9
See related events 9 and 26.
hide
|
|
| 1184 | [+] | | mail_index_map_modseq_clone(map->rec_map->modseq); |
Event 11:
The resource of interest is allocated inside mail_index_map_modseq_clone().
hide
|
|
 |
| 1185 | | | } |
| 1186 | | | |
| 1187 | | | mail_index_map_copy_records(new_map, map->rec_map, |
| 1188 | [+] | | map->hdr.record_size); |
 |
| 1189 | | | (map, map); |
| 1190 | | | |
| 1191 | | | if (new_map != map->rec_map) { |
Event 30:
Taking false branch. new_map != map->rec_map evaluates to false.
hide
|
|
| 1192 | | | mail_index_record_map_unlink(map); |
| 1193 | | | map->rec_map = new_map; |
| 1194 | | | } else { |
| 1195 | [+] | | mail_index_unlock(map->index, &new_map->lock_id); |
 |
| 1196 | | | if (munmap(new_map->mmap_base, new_map->mmap_size) < 0) |
| 1197 | | | mail_index_set_syscall_error(map->index, "munmap()"); |
| 1198 | | | new_map->mmap_base = NULL; |
| 1199 | | | } |
| 1200 | | | } |
Leak
There are no remaining references to the resource malloc(size) from imem.c:9. The issue can occur if the highlighted code executes. See related events 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, and 35. Show: All events | Only primary events |
|
| |