CodeSonar : Pvm : Null Pointer Dereference

Pvm : Pvm analysis 1 : Null Pointer Dereference at pvmd.c:2798

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	2493.2523
Procedure:	netinpkt
Trace:	View
Modified:	Wed Sep 2 12:39:52 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/src/pvmd.c

			Enter netinpkt

netinpkt(hp, pp)

struct hostd *hp;

struct pkt *pp;

{

struct mca *mcap = 0;

struct task *tp;

struct pmsg *mp;

struct frag *fp;

struct pkt *pp2;

int src = pp->pk_src;

2708

int dst = pp->pk_dst;

2709

int ff = pp->pk_flag;

char *cp;

int i;

int firstmca = 1;

if (pvmdebmask & PDMPACKET) {

2715

pvmlogprintf(

2716

"netinpkt() pkt from %s src t%x dst t%x f %s len %d\n",

2717

hp->hd_name, src, dst, pkt_flags (ff ), pp->pk_len );

2718

}

2719

2720

/* throw out packet if it's not for us */

2721

2722

if (TIDISMCA(dst)) {

2723

for (mcap = hp->hd_mcas->mc_link; mcap != hp->hd_mcas;

2724

mcap = mcap->mc_link)

2725

if (mcap->mc_tid == dst)

2726

break;

2727

if (mcap == hp->hd_mcas)

mcap = 0;

}

if ((dst & tidhmask) != myhostpart && !mcap) {

2732

if (pvmdebmask & (PDMPACKET|PDMAPPL)) {

2733

pvmlogprintf(

2734

"netinpkt() pkt from t%x for t%x scrapped (not us)\n",

src, dst );

}

goto done;

}

if (mcap) {

for (i = mcap->mc_ndst; i-- > 0; ) {

2743

dst = mcap->mc_dsts[i];

2744

if (tp = task_find (dst )) { /* to local task */

pp2 = pk_new (0);

pp2->pk_src = src;

pp2->pk_dst = dst;

pp2->pk_flag = ff;

#if defined(IMA_MPP)

...

2780

if (ff & FFEOM) {

2781

if (pvmdebmask & PDMMESSAGE) {

2782

pvmlogprintf("netinpkt() freed mca %x from t%x\n",

2783

mcap->mc_tid, hp->hd_name );

}

mca_free(mcap );

}

goto done;

}

if ((dst & ~tidhmask) == TIDPVMD) { /* for pvmd */

2791

if (ff & FFSOM) { /* start of message */

2792

if (hp->hd_rxm) {

2793

pvmlogprintf("netinpkt() repeated start pkt from %s\n",

hp->hd_name );

goto done;

}

hp->hd_rxm = mesg_new (0);

hp->hd_rxm <= 4095

2798

hp->hd_rxm->m_enc = pp->pk_enc; /* Null Pointer Dereference */

Preconditions

((char*)$param_1)[144] = 0
((char*)((char*)*$param_1)[176])[16] != ((char*)$param_2)[60]
((char*)*$param_1)[176] != ((char*)$param_1)[176]
numpmsgs = 0

Postconditions

atnewline' = 1
strlen(&buf[0])' = 1
dst' = ((char*)$param_2)[60]
ff' = ((char*)$param_2)[64]
firstmca' = 1
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
hp' = $param_1
mcap' = 0
pp' = $param_2
src' = ((char*)$param_2)[56]
tmbuf.tm_sec' = &$unknown_196311

Change Warning 2493.2523 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: