Text  |   XML   |   Visible Warnings:

Pvm : Pvm analysis 1 : Null Pointer Dereference  at task.c:546

Categories: LANG.MEM.NPD CWE:476
Warning ID: 2485.2514
Procedure: task_free
Trace: View
Modified: Wed Sep 2 12:39:49 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /u1/paul/SATE/2010/c/pvm/pvm3/src/task.c
   Enter task_free
 490 task_free(tp) 
 491         struct task *tp;
 492 {
 493         struct timeval now;
 494         struct pmsg *mp;
 495         struct ccon *cp;
 496  
 497         if (pvmdebmask & PDMTASK) {
 498                 pvmlogprintf("task_free() t%x\n", tp->t_tid);
 499         }
 500 #ifdef SHMEM 
 501         /* XXX this is inside out - mpp_free should call task_free.
 502            XXX but for now task_free is what's called.
 503            XXX this will change in the portable processor interface 
 504            XXX cleanup. */ 
 505         mpp_free(tp->t_tid); 
 506 #endif 
 507 #ifdef IMA_BEOLIN 
 508         mpp_free(tp); 
 509 #endif 
 510         if (tp->t_plink && tp->t_prlink) {
 511                 LISTDELETE(tp, t_plink, t_prlink);
 512         }
 513         if (tp->t_link && tp->t_rlink) {
 514                 LISTDELETE(tp, t_link, t_rlink);
 515         }
 516         if (tp->t_rxm)
 517                 pmsg_unref(tp->t_rxm);
 518         if (tp->t_rxp)
 519                 pk_free(tp->t_rxp);
 520         if (tp->t_txq)
 521                 pk_free(tp->t_txq);
 522         if (tp->t_wait)
 523                 wait_delete(tp->t_wait);
 524         if (tp->t_authnam) {
 525                 (void)unlink(tp->t_authnam);
 526                 PVM_FREE(tp->t_authnam);
 527         }
 528         if (tp->t_sock != -1) {
 529                 wrk_fds_delete(tp->t_sock, 3);
 530 #ifdef WIN32 
 531                 closesocket(tp->t_sock); 
 532 #else 
 533                 (void)close(tp->t_sock);
 534 #endif 
 535         }
 536         if (tp->t_out != -1) {
 537                 wrk_fds_delete(tp->t_out, 1);
 538 #ifdef WIN32 
 539                 closesocket(tp->t_out); 
 540 #else 
 541                 (void)close(tp->t_out);
 542 #endif 
 543         }
 544         if (tp->t_outtid > 0) {
true545                 mp = mesg_new(0);
mp <= 4095546                 mp->m_dst = tp->t_outtid;     /* Null Pointer Dereference */
Preconditions 
((char*)$param_1)[144] >= 1
((char*)$param_1)[16] != 0
((char*)$param_1)[24] = 0
((char*)$param_1)[48] != -1
((char*)$param_1)[88] = 0
((char*)$param_1)[104] != -1
((char*)&((char*)*$param_1)[72])[40] >= 0
((char*)&((char*)*$param_1)[80])[16] = 0
((char*)&((char*)*$param_1)[96])[24] = 0
((char*)&((char*)*$param_1)[96])[40] <= 1
((char*)&((char*)((char*)*$param_1)[72])[56])[40] <= 1
((char*)&((char*)((char*)*$param_1)[80])[32])[-4] <= 1
*$param_1 = 0
((char*)*$param_1)[72] >= 0
((char*)*$param_1)[96] = ((char*)$param_1)[96]
numpmsgs = -2
Postconditions 
freepmsgs.m_rlink->m_link' = ((char*)$param_1)[96]
atnewline' = 1
errno' != 0
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
mp' = 0
numpmsgs' = numpmsgs + 2
tmbuf.tm_sec' = &$unknown_127477
tp' = $param_1



Change Warning 2485.2514 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: