CodeSonar : Irssi : Null Pointer Dereference

Irssi : Irssi analysis 1 : Null Pointer Dereference at channel-events.c:272

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	2159.2162
Procedure:	event_join
Trace:	View
Modified:	Wed Sep 2 11:51:38 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/irssi/irssi-0.8.14/src/irc/core/channel-events.c

			Enter event_join

210

static void event_join(IRC_SERVER_REC *server, const char *data, const char *nick, const char *address)

211

{

212

char *params, *channel, *tmp, *shortchan;

213

IRC_CHANNEL_REC *chanrec;

214

215

g_return_if_fail(data != NULL);

216

217

if (g_strcasecmp(nick, server->nick) != 0) {

218

/* someone else joined channel, no need to do anything */

return;

}

if (server->userhost == NULL)

223

server->userhost = g_strdup(address);

224

225

params = event_get_params(data, 1, &channel );

226

tmp = strchr(channel, 7); /* ^G does something weird.. */

227

if (tmp != NULL) *tmp = '\0';

228

229

if (*channel != '!' || strlen(channel) < 7)

230

shortchan = NULL;

231

else {

232

/* !channels have 5 chars long identification string before

233

it's name, it's not known when /join is called so rename

234

!channel here to !ABCDEchannel */

235

shortchan = g_strdup_printf("!%s", channel+6);

236

chanrec = channel_find_unjoined(server, shortchan );

237

if (chanrec != NULL) {

238

channel_change_name(CHANNEL (chanrec ), channel );

239

g_free(chanrec->name);

240

chanrec->name = g_strdup(channel);

241

} else {

242

/* well, did we join it with full name? if so, and if

243

this was the first short one, change it's name. */

244

chanrec = channel_find_unjoined(server, channel );

245

if (chanrec != NULL &&

246

irc_channel_find (server , shortchan ) == NULL) {

247

channel_change_visible_name(CHANNEL (chanrec ),

shortchan );

}

}

}

chanrec = irc_channel_find (server , channel );

254

if (chanrec != NULL && chanrec->joined) {

255

/* already joined this channel - probably a broken proxy that

256

forgot to send PART between */

257

chanrec->left = TRUE;

258

channel_destroy(CHANNEL (chanrec ));

chanrec = NULL;

}

if (chanrec == NULL) {

263

/* look again, because of the channel name cut issues. */

264

chanrec = channel_find_unjoined(server, channel );

265

}

266

267

if (chanrec == NULL) {

268

/* didn't get here with /join command.. */

true

269

chanrec = irc_channel_create(server, channel, shortchan, TRUE );

}

chanrec->joined = TRUE; /* Null Pointer Dereference */

Preconditions

$param_2 != 0
&$unknown_296211 = strlen(&$unknown_296210)
&$unknown_296211 >= 7
&$unknown_296212 != 0
((char*)$param_1)[336] = 0
((char*)&((char*)*$param_1)[184])[8] = 0
$unknown_296210 = 33
strlen(&$unknown_296210) >= 7
((char*)&$unknown_296216)[160] != 0

Postconditions

_g_boolean_var_' = 1
address' = $param_4
((char*)&$unknown_296216)[160]' = 1
channel' = &$unknown_296210
chanrec' = 0
data' = $param_2
nick' = $param_3
server' = $param_1
shortchan' = &$unknown_296212
tmp' = 0

Change Warning 2159.2162 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: