CodeSonar : Pvm : Free Null Pointer

Pvm : Pvm analysis 1 : Free Null Pointer at ddpro.c:3086

Categories:

LANG.ALLOC.FNP CWE:590

Warning ID:

2592.2627

Similar Warnings:

2592.2625

Procedure:

dm_db

Trace:

View

Modified:

Wed Sep 2 12:41:57 2009 show details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/src/ddpro.c

			Enter dm_db

dm_db(hp, mp)

struct hostd *hp;

struct pmsg *mp;

{

int opcode; /* op requested */

2948

int tid;

2949

int req; /* index requested */

2950

int flags;

2951

char *name = 0; /* class name */

2952

struct pmsg *mp2 = 0; /* reply */

2953

struct pmsg *mp3 = 0; /* data message */

2954

2955

struct waitc *wp, *wp2; /* wait ctx ptrs (notify, recvinfo */

2956

struct pmsg *mp4 = 0; /* notify forward message */

2957

struct hostd *hp2; /* remote notify host */

2958

2959

struct pvmmclass *np, *np2; /* reset pointers */

2960

struct pvmmentry *ep, *ep2; /* reset pointers */

2961

int *noresets; /* noreset tids */

2962

int nnr; /* # of noreset tasks */

int found;

int cc;

int i;

int notified;

hp = hp;

if (upkint(mp, &opcode ) || upkint(mp, &tid )

2971

|| upkstralloc(mp, &name ) || upkint(mp, &req ) || upkint(mp, &flags ))

goto badformat;

mp2 = mesg_new (0);

mp2->m_dst = mp->m_src; /* Null Pointer Dereference (ID: 2599.2633) */

2976

mp2->m_tag = DM_DBACK;

2977

mp2->m_wid = mp->m_wid;

switch (opcode) {

case TMDB_PUT:

mp3 = mesg_new (0);

if (pmsg_unpack(mp, mp3 ))

2984

goto badformat;

2985

if ((req = mb_insert(tid, name, req, flags, mp3 )) < 0)

pmsg_unref(mp3 );

else {

/* check for any pending requests for this mbox entry */

...

pmsg_unref(mp3 );

}

}

break;

case TMDB_NAMES:

pkint(mp2, 0);

req = mb_names(tid, name, mp2 );

break;

case TMDB_RESET:

if ( upkint(mp, &nnr ) )

3082

goto badformat;

true

3083

noresets = TALLOC( nnr, int, "int" );

3084

for ( i=0 ; i < nnr ; i++ ) {

3085

if ( upkint(mp, &(noresets[i])) ) {

noresets <= 4095

3086

PVM_FREE(noresets); /* Free Null Pointer */

Preconditions

&$unknown_732773 >= 1
&$unknown_732782 >= 4
&$unknown_732783 != 0
numfrags != 0
numpmsgs != 0

Postconditions

freefrags.fr_link->fr_link->fr_rlink' = freefrags.fr_link->fr_rlink
freepmsgs.m_link->m_link->m_rlink' = freepmsgs.m_link->m_rlink
freefrags.fr_link->fr_buf' = 0
freefrags.fr_link->fr_dat' = 0
freefrags.fr_link->fr_max' = 0
freefrags.fr_link->fr_len' = 0
freefrags.fr_link->fr_u.ref' = 1
freefrags.fr_link->fr_u.dab' = 1
freefrags.fr_link->fr_u.spr' = 0
freefrags.fr_link->fr_rip' = 0
freefrags.fr_link->fr_rlink' = freefrags.fr_link
freepmsgs.m_link->m_tag' = -2147352552
freefrags.fr_link->fr_rlink->fr_link' = freefrags.fr_link->fr_link
freepmsgs.m_link->m_rlink->m_link' = freepmsgs.m_link->m_link
freefrags.fr_link->fr_link' = freefrags.fr_link
bytes_after(&$heap_39720)' = &$unknown_732773
$heap_39720' is allocated by malloc
bytes_before(&$heap_39720)' = 0
hp' = $param_1
i' = &$unknown_732782 / 4
mp' = $param_2
mp2' = freepmsgs.m_link
mp3' = 0
mp4' = 0
name' = &$heap_39720
nnr' >= 2
nnr' >= ( &$unknown_732782 + 4 ) / 4
noresets' = 0
numfrags' = numfrags - 1
numpmsgs' = numpmsgs - 1
opcode' = 5

Change Warning 2592.2627 : Free Null Pointer

Because they are very similar, this warning shares annotations with warning 2592.2625.
CodeSonar has selected warning 2592.2625 to represent this group of similar warnings. In order to edit this group, you must edit warning 2592.2625.