Text  |   XML   |   Visible Warnings:

Pvm : Pvm analysis 1 : Null Pointer Dereference  at host.c:530

Categories: LANG.MEM.NPD CWE:476
Warning ID: 2570.2602
Procedure: ht_insert
Trace: View
Modified: Wed Sep 2 12:41:30 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /u1/paul/SATE/2010/c/pvm/pvm3/src/ddpro.c
   Enter dm_delhost
 2529 dm_delhost(hp, mp) 
 2530         struct hostd *hp;
 2531         struct pmsg *mp;
 2532 {
 2533         int count;
 2534         char *buf;
 2535         struct pmsg *mp2;               /* DELHOSTACK message */ 
 2536         struct pmsg *mp3;               /* HTDEL message */ 
 2537         struct htab *ht_del;    /* hosts to delete */ 
 2538         struct htab *ht_save;   /* remaining hosts */ 
 2539         int hh;
 2540  
 2541 /* XXX danger, this doesn't check if already doing a host add/delete */ 
 2542  
 2543         /* sanity check count */ 
 2544  
 2545         if (upkint(mp, &count)) {
 2546                 pvmlogerror("dm_delhost() bad msg format\n");
 2547                 return 0;
 2548         }
 2549         if (count < 1 || count > (tidhmask >> (ffs(tidhmask) - 1))) {
 2550                 pvmlogerror("dm_delhost() bad count\n");
 2551                 return 0;
 2552         }
 2553  
 2554         /*
 2555         * read host names from message, generate delete and save sets 
 2556         * and a DELHOSTACK reply message with result code for each host.
 2557         * set SHUTDOWN flag for each host in delete set.
 2558         */ 
 2559  
true2560         ht_del = ht_new(1);   /* Leak (ID: 2568.2600) */
 2561         ht_save = ht_new(1);   /* Leak (ID: 2569.2601) */
 2562         ht_merge(ht_save, hosts);
 2563  
 2564         mp2 = mesg_new(0);
 2565         mp2->m_tag = DM_DELHOSTACK;   /* Null Pointer Dereference (ID: 2574.2606) */
 2566         mp2->m_wid = mp->m_wid;
 2567         mp2->m_dst = mp->m_src;
 2568  
 2569         mp3 = mesg_new(0);
 2570         mp3->m_tag = DM_HTDEL;   /* Null Pointer Dereference (ID: 2573.2605) */
 2571         pkint(mp3, hosts->ht_serial);
 2572  
 2573         pkint(mp2, count);
 2574         while (count-- > 0) {
 2575                 upkstralloc(mp, &buf);
 2576                 if (hp = nametohost(hosts, buf)) {   /* Uninitialized Variable (ID: 2572.2604) */
 2577                         if (tidtohost(ht_del, hp->hd_hostpart)) {
 2578                                 pkint(mp2, PvmDupHost);
 2579  
 2580                         } else {
 2581                                 if (hp->hd_hostpart == myhostpart)
 2582                                         pkint(mp2, PvmBadParam);
 2583  
 2584                                 else {
ht_del->ht_last < 5112585                                         ht_insert(ht_del, hp);
     /u1/paul/SATE/2010/c/pvm/pvm3/src/host.c
     Enter dm_delhost / ht_insert
((char*)$param_1)[4] < 511507   ht_insert(htp, hp) 
 508           struct htab *htp;
 509           struct hostd *hp;
 510   {
 511           int hh;
 512           int i;
 513           unsigned long mask = 0, tmpmask;
 514    
 515           int *dsigs;
 516           int ndsigs;
 517           int found;
 518           int d;
 519    
 520           hh = (hp->hd_hostpart & tidhmask) >> (ffs(tidhmask) - 1);
 521    
 522           /* extend ht_hosts[] if no room */ 
 523    
 524           if (hh > htp->ht_last) {
htp->ht_last < 511525                   int n = htp->ht_last;
 526    
 527                   htp->ht_last = (hh * 3) / 2;
n < 511528                   htp->ht_hosts = TREALLOC(htp->ht_hosts, htp->ht_last + 1, struct hostd*);
 529                   while (++n <= htp->ht_last)
htp->ht_hosts <= 4095530                           htp->ht_hosts[n] = 0;     /* Null Pointer Dereference */  /* 6 more... */
     Exit dm_delhost / ht_insert
Preconditions 
&$unknown_629965 >= 1
&$unknown_629967 = &$unknown_629968 + 136
&$unknown_629967 >= 4232
&$unknown_629970 >= 1
&$unknown_629973 >= 2
&$unknown_629974 >= 2
hosts->ht_last = 1
((char*)&$unknown_629972)[4] != myhostpart
((char*)&$heap_36979)[8] >= 0
strlen(&$heap_36981) > 0
numfrags != 0
numpmsgs = 1
Postconditions 
freefrags.fr_link->fr_link->fr_rlink' = freefrags.fr_link->fr_rlink
freepmsgs.m_link->m_link->m_rlink' = freepmsgs.m_link->m_rlink
freefrags.fr_link->fr_rlink->fr_link' = freefrags.fr_link->fr_link
freepmsgs.m_link->m_rlink->m_link' = freepmsgs.m_link->m_link
((char*)$unknown_629968)[8]' = &$unknown_629967
$unknown_629967' = &freepmsgs.m_link
((char*)&$unknown_629967)[8]' = ((char*)&$unknown_629968)[8]
buf' = &$heap_36981
count' = &$unknown_629965 - 1
freepmsgs.m_link' = &$unknown_629968
freepmsgs.m_rlink' = &$unknown_629968 + 136
$heap_36977' = 0
bytes_after(&$heap_36977)' = 40
$heap_36977' is allocated by malloc
$heap_36977' is allocated
bytes_before(&$heap_36977)' = 0
strlen(&$heap_36977)' = 0
((char*)&$heap_36977)[32]' = 0
((char*)&$heap_36977)[4]' = &$unknown_629974
$heap_36978' = 0
bytes_after(&$heap_36978)' = 16
$heap_36978' is allocated by malloc
$heap_36978' is allocated
bytes_before(&$heap_36978)' = 0
strlen(&$heap_36978)' = 0
$heap_36979' = 0
bytes_after(&$heap_36979)' = 40
$heap_36979' is allocated by malloc
$heap_36979' is allocated
bytes_before(&$heap_36979)' = 0
strlen(&$heap_36979)' = 0
bytes_after(&$heap_36981)' = &$unknown_629970
$heap_36981' is allocated by malloc
bytes_before(&$heap_36981)' = 0
hh' = &$unknown_629973
hp' = &$unknown_629972
hp' = &$unknown_629972
ht_del' = &$heap_36977
ht_save' = &$heap_36979
htp' = &$heap_36977
mask' = 0
mp' = $param_2
mp2' = freepmsgs.m_link
mp3' = &$unknown_629968
n' = 2
numpmsgs' = 49



Change Warning 2570.2602 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: