(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/var-expand.c) |
| |
| 307 | | | bool var_has_key(const char *str, char key, const char *long_key) |
| 308 | | | { |
| 309 | | | const char *end; |
| 310 | | | char c; |
| 311 | | | |
| 312 | | | for (; *str != '\0'; str++) { |
Event 1:
Entering loop body. *str != 0 evaluates to true.
hide
Event 7:
str is set to str + 1, which evaluates to 1. See related event 6.
hide
Null Pointer Dereference
str is dereferenced here, but it has an invalid value. - str evaluates to 1.
- CodeSonar is configured to issue warnings when code dereferences pointers whose value is lower than 4096. (This value can be adjusted using configuration parameter NULL_POINTER_THRESHOLD.).
The issue can occur if the highlighted code executes. See related event 7. Show: All events | Only primary events |
|
| 313 | | | if (*str == '%' && str[1] != '\0') { |
| 314 | | | str++; |
| 315 | | | c = var_get_key(str); |
| 316 | | | if (c == key) |
Event 3:
Skipping " if". c == key evaluates to false.
hide
|
|
| 317 | | | return TRUE; |
| 318 | | | |
| 319 | | | if (c == '{' && long_key != NULL && |
Event 4:
Skipping " if". - c == 123 evaluates to true.
- long_key != (void *)0 evaluates to true.
- (str = strchr(...)) != (void *)0 evaluates to false.
hide
|
|
| 320 | | | (str = strchr(str, '{')) != NULL && |
Event 5:
strchr() returns NULL. - Dereferenced later, causing the null pointer dereference.
hide
Event 6:
str is set to strchr(str, 123), which evaluates to NULL. See related event 5.
hide
|
|
| |