CodeSonar : Pvm : Null Pointer Dereference

Pvm : Pvm analysis 1 : Null Pointer Dereference at ddpro.c:2254

Categories:

LANG.MEM.NPD CWE:476

Warning ID:

2558.2590

Similar Warnings:

2558.2589

Procedure:

startack

Trace:

View

Modified:

Wed Sep 2 12:41:18 2009 show details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/src/ddpro.c

			Enter startack

2056

startack(wp, mp)

2057

struct waitc *wp; /* wait context on hoster */

struct pmsg *mp;

{

struct hostd *hp;

struct pmsg *mp2;

struct waitc *wp2; /* seed waitc for htupd peer group */

2063

struct waitc *wp3;

2064

int count; /* num of new hosts */

2065

int happy; /* num of happy new hosts */

2066

struct waitc_add *wxp;

...

int i, j;

int t;

int hh;

char *buf;

char buf2[256];

* unpack startup results, update hosts in wait context

2078

2079

2080

wxp = (struct waitc_add *)wp->wa_spec;

count = wxp->w_num;

upkint(mp, &j );

while (j-- > 0) {

if (upkuint(mp, &t ) || upkstralloc(mp, &buf )) {

2086

pvmlogerror("startack() bad message format\n");

2087

pkint(wp->wa_mesg, PvmDSysErr );

2088

sendmessage(wp->wa_mesg );

wp->wa_mesg = 0;

wait_delete(wp );

busyadding = 0;

return 0;

}

for (i = count; i-- > 0 && wxp->w_hosts[i]->hd_hostpart != t; ) ;

2095

if (i < 0) {

2096

pvmlogprintf("startack() what? some random tid %x\n", t );

2097

pkint(wp->wa_mesg, PvmDSysErr );

2098

sendmessage(wp->wa_mesg );

wp->wa_mesg = 0;

wait_delete(wp );

busyadding = 0;

PVM_FREE(buf); /* Free Null Pointer (ID: 2562.2594) */

2103

return 0;

2104

}

2105

hp = wxp->w_hosts[i];

2106

ac = sizeof(av)/sizeof(av[0]);

2107

if (crunchzap(buf, &ac, av ) || ac != 5) {

2108

pvmlogprintf("startack() host %s expected version, got \"%s\"\n",

2109

hp->hd_name, buf );

2110

if (!(hp->hd_err = errnamecode(buf )))

2111

hp->hd_err = PvmCantStart;

PVM_FREE(buf);

continue;

}

ver = atoi(av[0]);

if (ver != DDPROTOCOL) {

2118

pvmlogprintf(

2119

"slave_exec() host %s d-d protocol mismatch (%d/%d)\n",

2120

hp->hd_name, ver, DDPROTOCOL );

2121

hp->hd_err = PvmBadVersion;

continue;

}

hp->hd_arch = STRALLOC(av[1]); /* Null Pointer Dereference (ID: 2561.2593) */

2126

hex_inadport(av[2], &hp->hd_sad );

2127

hp->hd_mtu = atoi(av[3]);

2128

hp->hd_dsig = atoi(av[4]);

PVM_FREE(buf);

}

* update reply message to add-host requestor

mp2 = wp->wa_mesg;

pkint(mp2, count );

pkint(mp2, 0); /* XXX narches = 0 for now */

2140

for (i = 0; i < count; i++) {

2141

hp = wxp->w_hosts[i];

2142

if (hp->hd_err) {

2143

pkint(mp2, hp->hd_err );

pkstr(mp2, "");

pkstr(mp2, "");

pkint(mp2, 0);

pkint(mp2, 0);

} else {

pkint(mp2, hp->hd_hostpart );

2151

pkstr(mp2, hp->hd_name );

2152

pkstr(mp2, hp->hd_arch );

2153

pkint(mp2, hp->hd_speed );

2154

pkint(mp2, hp->hd_dsig );

}

}

* delete broken ones, done now if none succeeded,

2160

* otherwise done when host table update is complete.

2161

2162

2163

for (j = i = 0; i < count; i++)

2164

if (!wxp->w_hosts[i]->hd_err) {

2165

hp = wxp->w_hosts[i];

2166

wxp->w_hosts[i] = 0;

2167

wxp->w_hosts[j++] = hp;

2168

2169

} else {

2170

hd_unref(wxp->w_hosts[i]);

wxp->w_hosts[i] = 0;

}

count = j;

if (count < 1) {

busyadding = 0;

sendmessage(wp->wa_mesg );

2178

wp->wa_mesg = 0;

2179

free_waitc_add(wxp );

wait_delete(wp );

return 0;

}

wp2 = wait_new (WT_HTUPD );

2185

wp2->wa_dep = wp->wa_dep;

2186

wp2->wa_mesg = wp->wa_mesg;

wp->wa_mesg = 0;

* make next host table

2191

2192

2193

newhosts = ht_new (1); /* Leak (ID: 2557.2588) */

2194

newhosts->ht_serial = hosts->ht_serial + 1;

2195

newhosts->ht_master = hosts->ht_master;

2196

newhosts->ht_cons = hosts->ht_cons;

2197

newhosts->ht_local = hosts->ht_local;

2198

2199

for (i = 0; i < count; i++)

2200

ht_insert(newhosts, wxp->w_hosts[i]);

2201

2202

free_waitc_add(wxp );

wait_delete(wp );

wp = 0;

runstate = PVMDHTUPD;

2207

2208

2209

* send DM_SLCONF message to each new host

2210

2211

2212

for (hh = newhosts->ht_last; hh > 0; hh--)

2213

if (hp = newhosts->ht_hosts[hh]) {

2214

mp2 = mesg_new (0);

2215

mp2->m_tag = DM_SLCONF; /* Null Pointer Dereference (ID: 2559.2591) */

2216

mp2->m_dst = hp->hd_hostpart | TIDPVMD;

2217

if (hp->hd_epath) {

2218

pkint(mp2, DM_SLCONF_EP );

2219

pkstr(mp2, hp->hd_epath );

2220

}

2221

if (hp->hd_bpath) {

2222

pkint(mp2, DM_SLCONF_BP );

2223

pkstr(mp2, hp->hd_bpath );

2224

}

2225

if (hp->hd_wdir) {

2226

pkint(mp2, DM_SLCONF_WD );

2227

pkstr(mp2, hp->hd_wdir );

2228

}

2229

if (pvmschedtid) {

2230

sprintf(buf2, "%x", pvmschedtid);

2231

pkint(mp2, DM_SLCONF_SCHED );

2232

pkstr(mp2, buf2 );

2233

}

2234

if (pvmtracer.trctid || pvmtracer.outtid) {

2235

sprintf(buf2, "%x %d %d %x %d %d %d %d %s",

2236

pvmtracer.trctid, pvmtracer.trcctx,

2237

pvmtracer.trctag,

2238

pvmtracer.outtid, pvmtracer.outctx,

2239

pvmtracer.outtag,

2240

pvmtracer.trcbuf, pvmtracer.trcopt,

2241

pvmtracer.tmask);

2242

pkint(mp2, DM_SLCONF_TRACE );

pkstr(mp2, buf2 );

}

sendmessage(mp2 );

}

* create host table update message containing all current hosts

2250

* plus new ones, send to each new host.

mp2 = mesg_new (0);

mp2->m_tag = DM_HTUPD; /* Null Pointer Dereference */

Preconditions

&$unknown_597377 >= 2
&$unknown_597385 = &freepmsgs.m_link
((char*)$param_1)[40] >= 0
waitlist->wa_wid >= widbase + 2
*$param_1 >= 0
((char*)*$param_1)[72] >= 2
((char*)&$unknown_597383)[40] != 0
((char*)&$unknown_597383)[48] != 0
((char*)&$unknown_597383)[56] != 0
$heap_34718 != 0
strlen(&$heap_34718) != 0
pvmschedtid != 0
pvmtracer.trctid != 0
widrange <= lastwid

Postconditions

((char*)$unknown_597385)[8]' = ((char*)&$unknown_597385)[8]
waitlist->wa_rlink' = &$heap_34719
waitlist->wa_rlink->wa_link' = &$heap_34719
((char*)$unknown_597385)[8]' = $unknown_597385
$unknown_597385' = &freepmsgs.m_link
((char*)&$unknown_597385)[24]' = 0
buf' = &$heap_34718
count' = &$unknown_597377
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
$heap_34719' = waitlist
bytes_after(&$heap_34719)' = 80
$heap_34719' is allocated by malloc
$heap_34719' is allocated
bytes_before(&$heap_34719)' = 0
((char*)&$heap_34719)[16]' = widbase + 1
((char*)&$heap_34719)[20]' = 6
((char*)&$heap_34719)[24]' = 0
((char*)&$heap_34719)[28]' = 0
((char*)&$heap_34719)[32]' = ((char*)$param_1)[32]
((char*)&$heap_34719)[56]' = ((char*)$param_1)[56]
((char*)&$heap_34719)[64]' = 0
((char*)&$heap_34719)[72]' = 0
((char*)&$heap_34719)[8]' = waitlist->wa_rlink
$heap_34721' = hosts->ht_serial + 1
bytes_after(&$heap_34721)' = 40
$heap_34721' is allocated by malloc
$heap_34721' is allocated
bytes_before(&$heap_34721)' = 0
strlen(&$heap_34721)' = 0
((char*)&$heap_34721)[16]' = hosts->ht_cons
((char*)&$heap_34721)[20]' = hosts->ht_local
((char*)&$heap_34721)[4]' = 1
((char*)&$heap_34721)[8]' >= 0
((char*)&$heap_34721)[12]' = hosts->ht_master
hh' = 0
hp' = &$unknown_597383
i' = &$unknown_597377
j' = &$unknown_597377
lastwid' = 1
mp' = $param_2
mp2' = 0
newhosts' = &$heap_34721
numpmsgs' = 0
runstate' = 2
wp' = 0
wp2' = &$heap_34719
wxp' = ((char*)$param_1)[72]

Change Warning 2558.2590 : Null Pointer Dereference

Because they are very similar, this warning shares annotations with warning 2558.2589.
CodeSonar has selected warning 2558.2589 to represent this group of similar warnings. In order to edit this group, you must edit warning 2558.2589.