CodeSonar : Pvm : Null Pointer Dereference

Pvm : Pvm analysis 1 : Null Pointer Dereference at pvmd.c:3421

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	2494.2524
Procedure:	loclinpkt
Trace:	View
Modified:	Wed Sep 2 12:39:52 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/src/pvmd.c

			Enter loclinpkt

loclinpkt(tp, pp)

struct task *tp;

struct pkt *pp;

{

int dst; /* pkt dst */

3317

int ff; /* pkt flags */

struct pkt *pp2;

struct frag *fp;

struct pmsg *mp;

struct hostd *hp;

struct task *tp2;

#if defined(IMA_CM5) || defined(IMA_SP2MPI) || defined(IMA_AIX4SP2) \

3324

|| defined(IMA_AIX5SP2)

3325

struct task *socktp = tp; /* owner of the socket */

#endif

dst = pp->pk_dst;

ff = pp->pk_flag;

if (pvmdebmask & PDMPACKET) {

3331

pvmlogprintf(

3332

"loclinpkt() src t%x dst t%x f %s len %d\n",

3333

pp->pk_src, dst, pkt_flags (ff ), pp->pk_len );

3334

}

3335

3336

#if defined(IMA_SP2MPI) || defined(IMA_AIX4SP2) || defined(IMA_AIX5SP2)

3337

if (pp->pk_src > 0 && !tp->t_tid && (tp2 = task_findpid(pp->pk_src))) {

3338

/* connect request from pvmhost */

mpp_conn(tp, tp2);

pk_free(pp);

return -1;

}

#endif

...

3348

if (!(tp = task_find(pp->pk_src))) {

3349

pvmlogprintf("loclinpkt() from unknown task t%x\n", pp->pk_src);

3350

goto done;

3351

}

3352

#endif /*defined(IMA_PGON) || defined(IMA_I860) || defined(IMA_CM5) || defined(IMA_SP2MPI)*/

3353

3354

3355

* if to multicast addr, replicate pkt in each q

3356

3357

3358

if (TIDISMCA(dst) && tp->t_mca && tp->t_mca->mc_tid == dst) {

3359

3360

struct mca *mcap = tp->t_mca;

3361

int i;

3362

3363

for (i = mcap->mc_ndst; i-- > 0; ) {

3364

dst = mcap->mc_dsts[i];

3365

if (hp = tidtohost (hosts, dst )) {

3366

pp2 = pk_new (0);

3367

pp2->pk_src = pp->pk_src;

3368

pp2->pk_dst = mcap->mc_tid;

...

mca_free(mcap );

tp->t_mca = 0;

}

goto done;

}

* if to a pvmd, always reassemble (forward if not for us)

3411

3412

3413

if ((dst & ~tidhmask) == TIDPVMD) {

3414

if (ff & FFSOM) { /* start of message */

3415

if (tp->t_rxm) {

3416

pvmlogprintf("loclinpkt() repeated start pkt t%x\n",

tp->t_tid );

goto done;

}

tp->t_rxm = mesg_new (0);

tp->t_rxm <= 4095

3421

tp->t_rxm->m_ctx = pp->pk_ctx; /* Null Pointer Dereference */

Preconditions

((char*)$param_1)[96] = 0
((char*)&((char*)*$param_1)[136])[16] != ((char*)$param_2)[60]
numpmsgs = 0

Postconditions

strlen(&buf[0])' = 1
dst' = ((char*)$param_2)[60]
ff' = ((char*)$param_2)[64]
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
pp' = $param_2
tp' = $param_1

Change Warning 2494.2524 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: