(/home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib-index/mail-cache-transaction.c) |
| |
| 590 | | | mail_cache_transaction_flush(struct mail_cache_transaction_ctx *ctx) |
| 591 | | | { |
| 592 | | | struct mail_cache *cache = ctx->cache; |
| 593 | | | const struct mail_cache_record *rec, *tmp_rec; |
| 594 | | | const uint32_t *seq; |
| 595 | | | uint32_t write_offset, write_size, rec_pos, seq_idx, seq_limit; |
| 596 | | | size_t size, max_size; |
| 597 | | | unsigned int seq_count; |
| 598 | | | int ret; |
| 599 | | | bool commit; |
| 600 | | | |
| 601 | | | if (MAIL_CACHE_IS_UNUSABLE(cache)) |
Event 1:
Skipping " if". cache->hdr == (void *)0 evaluates to false.
hide
|
|
| 602 | | | return -1; |
| 603 | | | |
| 604 | | | commit = ctx->prev_seq == 0; |
Event 2:
ctx->prev_seq == 0 evaluates to false.
hide
|
|
| 605 | | | if (commit) { |
Event 3:
Skipping " if". commit evaluates to false.
hide
|
|
| 606 | | | |
| 607 | | | buffer_set_used_size(ctx->cache_data, ctx->prev_pos); |
| 608 | | | } |
| 609 | | | |
| 610 | | | if (ctx->cache_file_seq != ctx->cache->hdr->file_seq) { |
Event 4:
Skipping " if". ctx->cache_file_seq != ctx->cache->hdr->file_seq evaluates to false.
hide
|
|
| 611 | | | |
| 612 | | | mail_cache_transaction_reset(ctx); |
| 613 | | | return 0; |
| 614 | | | } |
| 615 | | | |
| 616 | | | rec = buffer_get_data(ctx->cache_data, &size); |
| 617 | | | i_assert(ctx->prev_pos <= size);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
189 | #define i_assert(expr) STMT_START{ \ |
190 | if (unlikely(!(expr))) \ |
191 | i_panic("file %s: line %d (%s): assertion failed: (%s)", \ |
192 | __FILE__, \ |
193 | __LINE__, \ |
194 | __PRETTY_FUNCTION__, \ |
195 | #expr); }STMT_END |
| |
|
Event 5:
Skipping " if". ctx->prev_pos <= size evaluates to true.
hide
Event 6:
Skipping " if". !(ctx->prev_pos <= size) evaluates to false.
hide
Event 7:
Skipping " if". !!(ctx->prev_pos <= size) evaluates to true.
hide
Event 8:
Skipping " if". !!!(ctx->prev_pos <= size) evaluates to false.
hide
Event 9:
Skipping " if". __builtin_expect(...) evaluates to false.
hide
|
|
| 618 | | | |
| 619 | | | seq = array_get(&ctx->cache_data_seq, &seq_count);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
156 | #define array_get(array, count) \ |
157 | ARRAY_TYPE_CAST_CONST(array)array_get_i(&(array)->arr, count) |
| |
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/array.h |
| |
43 | # define ARRAY_TYPE_CAST_CONST(array) \ |
44 | (typeof(*(array)->v)) |
| |
|
| 620 | | | seq_limit = 0; |
| 621 | | | |
| 622 | | | for (seq_idx = 0, rec_pos = 0; rec_pos < ctx->prev_pos;) { |
Event 10:
Leaving loop. rec_pos < ctx->prev_pos evaluates to false.
hide
|
|
| 623 | | | max_size = ctx->prev_pos - rec_pos; |
| 624 | | | |
| 625 | | | ret = mail_cache_transaction_get_space(ctx, rec->size, |
| 626 | | | max_size, &write_offset, |
| 627 | | | &max_size, commit); |
| 628 | | | if (ret <= 0) { |
| 629 | | | |
| 630 | | | return ret; |
| 631 | | | } |
| 632 | | | |
| 633 652 |  | | [ Lines 633 to 652 omitted. ] |
| 653 | | | &seq_idx, seq_limit, |
| 654 | | | write_offset, |
| 655 | | | &write_size) < 0) |
| 656 | | | return -1; |
| 657 | | | |
| 658 | | | rec_pos += write_size; |
| 659 | | | rec = CONST_PTR_OFFSET(rec, write_size);
x /home/sate/Testcases/c/cve/dovecot-1.2.0/src/lib/macros.h |
| |
29 | #define CONST_PTR_OFFSET(ptr, offset) \ |
30 | ((const void *) (((const unsigned char *) (ptr)) + (offset))) |
| |
|
| 660 | | | } |
| 661 | | | |
| 662 | | | |
| 663 | | | buffer_copy(ctx->cache_data, 0, |
| 664 | [+] | | ctx->cache_data, ctx->prev_pos, (size_t)-1); |
Event 11:
-1 is passed to buffer_copy() as the fifth argument. - Determines the size in the Unreasonable Size Argument warning later.
hide
|
|
 |
| |