Text  |   XML   |   Visible Warnings:

Pvm : Pvm analysis 1 : Null Pointer Dereference  at pkt.c:157

Categories: LANG.MEM.NPD CWE:476
Warning ID: 2488.2517
Procedure: pk_free
Trace: View
Modified: Wed Sep 2 12:39:50 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /u1/paul/SATE/2010/c/pvm/pvm3/src/pvmd.c
   Enter clear_opq_of
 1674 clear_opq_of(tid) 
 1675         int tid;                        /* host */ 
 1676 {
 1677         struct pkt *pp, *pp2;
 1678  
 1679         for (pp = opq->pk_tlink; pp != opq; pp = pp->pk_tlink) {
true1680                 if (pp->pk_dst == tid && !pp->pk_link) {   /* Use After Free (ID: 2490.2519) */
 1681                         pp2 = pp->pk_trlink;
 1682                         LISTDELETE(pp, pk_tlink, pk_trlink);   /* Null Pointer Dereference (ID: 2489.2518) */
pp->pk_link <= 40951683                         pk_free(pp);
     /u1/paul/SATE/2010/c/pvm/pvm3/src/pkt.c
     Enter clear_opq_of / pk_free
*$param_1 <= 4095142   pk_free(pp) 
 143           struct pkt *pp;
 144   {
 145           struct pkt *pp2, *pp3;
 146    
 147           if (pp->pk_buf) {               /* slave pkt */ 
 148                   if (pp->pk_tlink) {
 149                           LISTDELETE(pp, pk_tlink, pk_trlink);
 150                   }
 151                   da_unref(pp->pk_buf);
 152    
 153           } else {                                /* master pkt */ 
 154    
 155           /* free all pkts in chain */ 
pp->pk_link <= 4095156                   for (pp2 = pp->pk_link; pp2 != pp; pp2 = pp3) {
pp2 <= 4095157                           pp3 = pp2->pk_link;     /* Null Pointer Dereference */
     Exit clear_opq_of / pk_free
 1684                         pp = pp2;
Preconditions 
((char*)&((char*)$unknown_173225)[16])[16] != opq
((char*)&((char*)$unknown_173225)[16])[32] = 0
opq->pk_tlink != opq
((char*)$unknown_173225)[16] = 0
((char*)&$unknown_173225)[16] != opq
Postconditions 
((char*)&((char*)((char*)$unknown_173225)[16])[16])[24]' = ((char*)&((char*)$unknown_173225)[16])[24]
((char*)&((char*)((char*)$unknown_173225)[16])[24])[16]' = ((char*)&((char*)$unknown_173225)[16])[16]
((char*)&((char*)$unknown_173225)[16])[16]' = 0
((char*)&((char*)$unknown_173225)[16])[24]' = 0
pp' = ((char*)&$unknown_173225)[16]
pp' = ((char*)&$unknown_173225)[16]
pp2' = ((char*)$unknown_173225)[16]
pp2' = ((char*)&((char*)$unknown_173225)[16])[24]
tid' = $param_1



Change Warning 2488.2517 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: