CodeSonar : Pvm : Null Pointer Dereference

Pvm : Pvm analysis 1 : Null Pointer Dereference at pvmd.c:3916

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	2525.2556
Procedure:	forkexec
Trace:	View
Modified:	Wed Sep 2 12:40:20 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/src/pvmd.c

			Enter forkexec

3838

forkexec(flags, name, argv, nenv, env, inst, hosttotal, outof, tpp)

3839

int flags; /* exec options */

3840

char *name; /* filename */

3841

char **argv; /* arg list (argv[-1] must be there) */

3842

int nenv; /* num of envars */

3843

char **env; /* envars */

3844

int inst; /* this processes instance */

3845

int hosttotal; /* how many on this host */

3846

int outof; /* how many are being spawned across machine */

3847

struct task **tpp; /* return task context */

3848

{

...

char buf[32];

#ifdef IMA_BEOSCYLD

int node;

#endif

static char *nullep[] = { "", 0 };

3867

#ifndef IMA_OS2

3868

static int nextfakepid = 10000000; /* XXX fix this */

3869

#endif

3870

3871

if ((tid = tid_new()) < 0) {

3872

pvmlogerror("forkexec() out of tids?\n");

3873

return PvmOutOfRes;

3874

}

3875

if ((tp = task_new (tid )) == NULL) {

3876

pvmlogerror("forkexec() too many tasks?\n");

return PvmOutOfRes;

}

/* search for file */

3881

3882

eplist = CINDEX(name, '/') ? nullep : epaths;

3883

3884

for (ep = eplist; *ep; ep++) {

3885

(void)strcpy(path, *ep);

3886

if (path[0])

3887

(void)strcat(path, "/");

3888

(void)strncat(path, name, sizeof(path) - strlen(path) - 1);

3889

#ifdef IMA_OS2

3890

(void)strcat(path,".exe"); /* no *.cmd !!! */

3891

#endif

3892

#ifdef IMA_BEOSCYLD

3893

/* what node are we on? */

3894

node = bproc_currnode();

3895

/* only perform the stat check when we're

3896

* running on the master; since the slave

3897

* nodes typically don't contain binaries,

3898

* the stat call is more than likely to fail

3899

* anyway; down below we perform some bproc

3900

* magic to "find" the binary back on the

3901

* master when we're running on a slave

3902

3903

if(node == BPROC_NODE_MASTER)

3904

#endif

3905

if (stat(path, &sb ) == -1

3906

|| ((sb.st_mode & S_IFMT) != S_IFREG)

3907

|| !(sb.st_mode & S_IEXEC)) {

3908

if (pvmdebmask & PDMTASK) {

3909

pvmlogprintf("forkexec() stat failed <%s>\n", path );

}

continue;

}

if (taskertid) {

mp = mesg_new (0);

mp->m_tag = SM_STTASK; /* Null Pointer Dereference */

Preconditions

&$unknown_338005 != 0
&$unknown_338006 >= epaths
((char*)$unknown_338006)[8] = 0
strlen(((char*)&$unknown_338006)[8]) = 0
numpmsgs = 0
taskertid != 0

Postconditions

argv' = $param_3
env' = $param_5
ep' = &$unknown_338006 + 8
eplist' = epaths
flags' = $param_1
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
hosttotal' = $param_7
inst' = $param_6
mp' = 0
name' = $param_2
nenv' = $param_4
outof' = $param_8
path[0]' = ((char*)$unknown_338006)[8]
path[0]' is checked by path name
tid' >= 0
tp' = &$unknown_338005
tpp' = $param_9

Change Warning 2525.2556 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: