CodeSonar : Irssi : Null Pointer Dereference

Irssi : Irssi analysis 1 : Null Pointer Dereference at irc-nicklist.c:163

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	2175.2180
Procedure:	event_names_list
Trace:	View
Modified:	Wed Sep 2 11:51:45 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/irssi/irssi-0.8.14/src/irc/core/irc-nicklist.c

			Enter event_names_list

static void event_names_list(IRC_SERVER_REC *server, const char *data)

{

IRC_CHANNEL_REC *chanrec;

100

NICK_REC *rec;

101

char *params, *type, *channel, *names, *ptr;

102

int op, halfop, voice;

103

char prefixes[MAX_USER_PREFIXES+1];

104

105

g_return_if_fail(data != NULL);

106

107

params = event_get_params(data, 4, NULL, &type, &channel, &names );

108

109

chanrec = irc_channel_find (server , channel );

110

if (chanrec == NULL || chanrec->names_got) {

111

/* unknown channel / names list already read */

g_free(params);

return;

}

/* type = '=' = public, '*' = private, '@' = secret.

117

118

This is actually pretty useless to check here, but at least we

119

get to know if the channel is +p or +s a few seconds before

120

we receive the MODE reply...

121

122

If the channel key is set, assume the channel is +k also until

123

we know better, so parse_channel_modes() won't clear the key */

124

if (*type == '*') {

125

parse_channel_modes(chanrec, NULL,

126

chanrec->key ? "+kp" : "+p", FALSE );

127

} else if (*type == '@') {

128

parse_channel_modes(chanrec, NULL,

129

chanrec->key ? "+ks" : "+s", FALSE );

130

}

131

132

while (*names != '\0') {

133

while (*names == ' ') names++;

134

ptr = names;

135

while (*names != '\0' && *names != ' ') names++;

136

if (*names != '\0') *names++ = '\0';

137

138

/* some servers show ".@nick", there's also been talk about

139

showing "@+nick" and since none of these chars are valid

140

nick chars, just check them until a non-nickflag char is

141

found. */

142

op = halfop = voice = FALSE;

143

prefixes[0] = '\0';

144

while (isnickflag(server, *ptr)) {

145

prefix_add(prefixes, *ptr, (SERVER_REC *) server );

switch (*ptr) {

case '@':

op = TRUE;

break;

case '%':

halfop = TRUE;

break;

case '+':

voice = TRUE;

break;

}

ptr++;

}

if (nicklist_find((CHANNEL_REC *) chanrec, ptr ) == NULL) {

161

rec = irc_nicklist_insert(chanrec, ptr, op, halfop,

voice, FALSE );

memcpy(rec->prefixes, prefixes, sizeof(rec->prefixes)); /* Null Pointer Dereference */

Preconditions

$param_2 != 0
&$unknown_418170 != 0
&$unknown_418181 = 45
&$unknown_418182 = 45
&$unknown_418183 = 8
((char*)&$unknown_418171)[152] = 0
((char*)&$unknown_418171)[160] = 0
$unknown_418172 = 64
strlen(&$unknown_418172) != 0
$unknown_418177 != 0
$unknown_418177 != 32
strlen(&$unknown_418178) != 1
((char*)&$unknown_418178)[1] = 43

Postconditions

_g_boolean_var_' = 1
strlen(&$unknown_418177)' = 1
((char*)&$unknown_418177)[1]' = 0
channel' = &$unknown_418170
chanrec' = &$unknown_418171
data' = $param_2
names' = &$unknown_418177 + 2
ptr' = &$unknown_418178 + 2
rec' = 0
server' = $param_1
type' = &$unknown_418172
voice' = 1

Change Warning 2175.2180 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: