Text  |   XML   |   Visible Warnings:

Irssi : Irssi analysis 1 : Null Pointer Dereference  at statusbar.c:522

Categories: LANG.MEM.NPD CWE:476
Warning ID: 2388.2399
Similar Warnings: 2388.2400
Procedure: statusbar_create
Trace: View
Modified: Wed Sep 2 12:23:21 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /u1/paul/SATE/2010/c/irssi/irssi-0.8.14/src/fe-text/statusbar.c
   Enter statusbar_create
 458 STATUSBAR_REC *statusbar_create(STATUSBAR_GROUP_REC *group,
 459                                 STATUSBAR_CONFIG_REC *config,
 460                                 MAIN_WINDOW_REC *parent_window) 
 461 {
 462         STATUSBAR_REC *bar;
 463         THEME_REC *theme;
 464         GSList *tmp;
 465         char *name, *value;
 466  
 467         g_return_val_if_fail(group != NULL, NULL);
 468         g_return_val_if_fail(config != NULL, NULL);
 469         g_return_val_if_fail(config->type != STATUSBAR_TYPE_WINDOW ||
 470                              parent_window != NULL, NULL);
 471  
 472         bar = g_new0(STATUSBAR_REC, 1);
 473         group->bars = g_slist_append(group->bars, bar);
 474  
 475         bar->group = group;
 476  
 477         bar->config = config;
 478         bar->parent_window = parent_window;
 479  
 480         irssi_set_dirty();
 481         bar->dirty = TRUE;
 482         bar->dirty_xpos = 0;
 483  
 484         signal_remove("terminal resized", (SIGNAL_FUNC) sig_terminal_resized);   /* Dangerous Function Cast (ID: 1957.1957) */
 485         signal_remove("mainwindow resized", (SIGNAL_FUNC) sig_mainwindow_resized);   /* Dangerous Function Cast (ID: 1956.1956) */
 486         signal_remove("mainwindow moved", (SIGNAL_FUNC) sig_mainwindow_resized);   /* Dangerous Function Cast (ID: 1955.1955) */
 487  
 488         if (config->type == STATUSBAR_TYPE_ROOT) {
 489                 /* top/bottom of the screen */ 
 490                 mainwindows_reserve_lines(config->placement == STATUSBAR_TOP,
 491                                           config->placement == STATUSBAR_BOTTOM);
 492                 theme = current_theme;
 493         } else {
 494                 /* top/bottom of the window */ 
 495                 parent_window->statusbars = 
 496                         g_slist_append(parent_window->statusbars, bar);
 497                 mainwindow_set_statusbar_lines(parent_window,
 498                                                config->placement == STATUSBAR_TOP,
 499                                                config->placement == STATUSBAR_BOTTOM);
 500                 theme = parent_window != NULL && parent_window->active != NULL &&   /* Null Test After Dereference (ID: 2387.2398) */
 501                         parent_window->active->theme != NULL ? 
 502                         parent_window->active->theme : current_theme;
 503         }
 504  
 505         signal_add("terminal resized", (SIGNAL_FUNC) sig_terminal_resized);   /* Dangerous Function Cast (ID: 1954.1954) */
 506         signal_add("mainwindow resized", (SIGNAL_FUNC) sig_mainwindow_resized);   /* Dangerous Function Cast (ID: 1953.1953) */
 507         signal_add("mainwindow moved", (SIGNAL_FUNC) sig_mainwindow_resized);   /* Dangerous Function Cast (ID: 1952.1952) */
 508  
 509         /* get background color from sb_background abstract */ 
 510         name = g_strdup_printf("{sb_%s_bg}", config->name);
 511         value = theme_format_expand(theme, name);
 512         g_free(name);
 513  
 514         if (*value == '\0') {   /* Null Pointer Dereference (ID: 2388.2400) */
 515                 /* try with the statusbar group name */ 
 516                 g_free(value);
 517  
 518                 name = g_strdup_printf("{sb_%s_bg}", group->name);
true519                 value = theme_format_expand(theme, name);
 520                 g_free(name);
 521  
value <= 4095522                 if (*value == '\0') {     /* Null Pointer Dereference */
Preconditions 
&$unknown_3380981 = 0
((char*)$param_2)[8] = 2
((char*)$param_2)[12] != 1
((char*)$param_2)[12] != 2
((char*)*$param_3)[144] != 0
$unknown_3380977 <= 125
$unknown_3380977 >= 123
strlen(&$unknown_3380977) != 0
$unknown_3380978 = 0
strlen(&$unknown_3380978) = 0
Postconditions 
_g_boolean_var_' = 1
_g_boolean_var_' = 1
_g_boolean_var_' = 1
bar' = &$unknown_3380975
config' = $param_2
dirty' = 1
group' = $param_1
name' = 0
parent_window' = $param_3
theme' = ((char*)*$param_3)[144]
value' = 0



Change Warning 2388.2399 : Null Pointer Dereference

Because they are very similar, this warning shares annotations with warning 2388.2400.

Priority:
State:
Finding:
Owner:
Note: