CodeSonar : Pvm : Null Pointer Dereference

Pvm : Pvm analysis 1 : Null Pointer Dereference at tdpro.c:1396

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	2446.2474
Procedure:	assign_tasks
Trace:	View
Modified:	Wed Sep 2 12:39:34 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/src/tdpro.c

			Enter assign_tasks

1263

assign_tasks(wp)

1264

struct waitc *wp; /* (any) waitc in peer group for this op */

1265

{

1266

static int lasthh = -1; /* for assigning hosts */

1267

1268

struct waitc_spawn *wxp = (struct waitc_spawn*)wp->wa_spec;

1269

struct htab *htp; /* set of hosts to use */

1270

int *vec; /* result/status vector */

1271

int veclen; /* length of vector */

1272

int count = 0; /* num of tasks to be assigned */

1273

int nh; /* num of hosts to assign tasks */

1274

int a = 0; /* accum for finding hosts */

1275

int na = 0; /* num tasks assigned to a host */

struct waitc *wp2;

struct hostd *hp;

struct pmsg *mp;

int t;

int i;

int tid;

struct timeval now;

if (!wxp)

return 0;

htp = wxp->w_ht;

vec = wxp->w_vec;

veclen = wxp->w_veclen;

1290

1291

1292

* if no hosts left, fill unassigned entries with PvmNoHost

if (!htp->ht_cnt)

for (t = veclen; t-- > 0; )

if (!vec[t])

vec[t] = PvmNoHost;

* count tasks to be assigned, if none left reply to task

1302

1303

1304

for (t = veclen; t-- > 0; )

if (!vec[t])

count++;

if (!count) {

pkint(wp->wa_mesg, wxp->w_veclen );

1310

for (t = 0; t < wxp->w_veclen; t++) {

1311

tid = wxp->w_vec[t];

1312

pkint(wp->wa_mesg, tid );

1313

if (TIDISTASK(tid) && wxp->w_trctid > 0) {

1314

tev_send_spntask(

1315

wxp->w_trctid, wxp->w_trcctx, wxp->w_trctag,

1316

tid, wxp->w_ptid );

1317

}

1318

if (TIDISTASK(tid) && wxp->w_outtid > 0) {

...

1331

1332

free_wait_spawn(wxp );

wp->wa_spec = 0;

return 0;

}

* assign tasks to hosts

1339

1340

1341

nh = min(htp->ht_cnt, count);

1342

1343

/* find first host to assign */

1344

1345

if (lasthh == -1)

1346

lasthh = hosts->ht_local + 1;

1347

if (lasthh > htp->ht_last)

1348

lasthh = 0;

1349

while (!htp->ht_hosts[lasthh])

1350

if (++lasthh > htp->ht_last)

1351

lasthh = 1;

1352

hp = htp->ht_hosts[lasthh];

1353

1354

for (t = 0; t < veclen && vec[t]; t++);

while (t < veclen) {

pvmlogprintf("assign_tasks() %s <- %d\n", hp->hd_name, t);

1359

1360

1361

vec[t] = hp->hd_hostpart;

1362

na++;

1363

1364

/* when enough tasks for this host, move to next */

1365

1366

if ((a += nh) >= count) {

1367

a -= count;

1368

1369

wp2 = wait_new (WT_SPAWN );

1370

wp2->wa_tid = wp->wa_tid;

1371

wp2->wa_on = hp->hd_hostpart;

1372

wp2->wa_spec = wp->wa_spec;

1373

wp->wa_mesg->m_ref++;

1374

wp2->wa_mesg = wp->wa_mesg;

1375

LISTPUTBEFORE(wp, wp2, wa_peer, wa_rpeer);

mp = mesg_new (0);

pkint(mp, wxp->w_ptid );

1379

pkstr(mp, wxp->w_file );

1380

pkint(mp, wxp->w_flags );

1381

pkint(mp, na );

1382

pkint(mp, wxp->w_argc );

1383

for (i = 0; i < wxp->w_argc; i++)

1384

pkstr(mp, wxp->w_argv[i]);

1385

pkint(mp, wxp->w_outtid );

1386

pkint(mp, wxp->w_outctx );

1387

pkint(mp, wxp->w_outtag );

1388

pkint(mp, wxp->w_trctid );

1389

pkint(mp, wxp->w_trcctx );

1390

pkint(mp, wxp->w_trctag );

1391

pkint(mp, wxp->w_nenv );

1392

for (i = 0; i < wxp->w_nenv; i++)

1393

pkstr(mp, wxp->w_env[i]);

1394

pkint(mp, (t+1)-na ); /* start proc location 0..count-1 */

1395

pkint(mp, count ); /* how many are there in total */

mp <= 4095

1396

mp->m_dst = hp->hd_hostpart | TIDPVMD; /* Null Pointer Dereference */

1397

mp->m_tag = DM_EXEC;

1398

mp->m_wid = wp2->wa_wid;

1399

1400

do {

1401

if (++lasthh > htp->ht_last)

1402

lasthh = 1;

1403

} while (!htp->ht_hosts[lasthh]);

sendmessage(mp );

hp = htp->ht_hosts[lasthh];

1408

na = 0;

1409

}

1410

for (t++ ; t < veclen && vec[t]; t++);

Preconditions

&$unknown_44719 >= 1
&$unknown_44739 = 0
((char*)&((char*)*$param_1)[72])[40] >= 2
((char*)&((char*)*$param_1)[72])[72] >= 2
((char*)&((char*)*$param_1)[72])[12] >= 2
((char*)&((char*)((char*)*$param_1)[72])[24])[4] >= lasthh
((char*)&((char*)((char*)*$param_1)[72])[24])[8] = 0
lasthh != -1

Postconditions

((char*)&$unknown_44722)[40]' = &$heap_469
count' = &$unknown_44719
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
$heap_469' = &$unknown_44721
bytes_after(&$heap_469)' = 80
$heap_469' is allocated by malloc
$heap_469' is allocated
bytes_before(&$heap_469)' = 0
((char*)&$heap_469)[16]' <= ((char*)&$unknown_44721)[16] - 1
((char*)&$heap_469)[20]' = 2
((char*)&$heap_469)[24]' = ((char*)&$unknown_44720)[4]
((char*)&$heap_469)[28]' = ((char*)$param_1)[28]
((char*)&$heap_469)[32]' = 0
((char*)&$heap_469)[40]' = $param_1
((char*)&$heap_469)[48]' = &$unknown_44722
((char*)&$heap_469)[56]' = ((char*)$param_1)[56]
((char*)&$heap_469)[64]' = 0
((char*)&$heap_469)[72]' = ((char*)$param_1)[72]
((char*)&$heap_469)[8]' = ((char*)&$unknown_44721)[8]
hp' = &$unknown_44720
htp' = ((char*)&((char*)*$param_1)[72])[24]
i' = ((char*)&((char*)*$param_1)[72])[72]
mp' = &$unknown_44739
nh' = ((char*)&((char*)((char*)*$param_1)[72])[24])[8]
numpmsgs' = 0
t' <= ((char*)&((char*)*$param_1)[72])[40] - 1
vec' = ((char*)&((char*)*$param_1)[72])[32]
veclen' = ((char*)&((char*)*$param_1)[72])[40]
wp' = $param_1
wp2' = &$heap_469
wxp' = ((char*)$param_1)[72]

Change Warning 2446.2474 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: