CodeSonar : Pvm : Null Pointer Dereference

Pvm : Pvm analysis 1 : Null Pointer Dereference at pmsg.c:2816

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	2598.2632
Procedure:	pmsg_unpack
Trace:	View
Modified:	Wed Sep 2 12:41:59 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/src/ddpro.c

			Enter dm_db

dm_db(hp, mp)

struct hostd *hp;

struct pmsg *mp;

{

int opcode; /* op requested */

2948

int tid;

2949

int req; /* index requested */

2950

int flags;

2951

char *name = 0; /* class name */

2952

struct pmsg *mp2 = 0; /* reply */

2953

struct pmsg *mp3 = 0; /* data message */

2954

2955

struct waitc *wp, *wp2; /* wait ctx ptrs (notify, recvinfo */

2956

struct pmsg *mp4 = 0; /* notify forward message */

2957

struct hostd *hp2; /* remote notify host */

2958

2959

struct pvmmclass *np, *np2; /* reset pointers */

2960

struct pvmmentry *ep, *ep2; /* reset pointers */

2961

int *noresets; /* noreset tids */

2962

int nnr; /* # of noreset tasks */

int found;

int cc;

int i;

int notified;

hp = hp;

if (upkint(mp, &opcode ) || upkint(mp, &tid )

2971

|| upkstralloc(mp, &name ) || upkint(mp, &req ) || upkint(mp, &flags ))

goto badformat;

mp2 = mesg_new (0);

mp2->m_dst = mp->m_src; /* Null Pointer Dereference (ID: 2599.2633) */

2976

mp2->m_tag = DM_DBACK;

2977

mp2->m_wid = mp->m_wid;

switch (opcode) {

case TMDB_PUT:

mp3 = mesg_new (0);

if (pmsg_unpack(mp, mp3 ))

					/u1/paul/SATE/2010/c/pvm/pvm3/src/pmsg.c

					Enter dm_db / pmsg_unpack

$param_2 <= 4095

2782

pmsg_unpack(mp, mp2)

2783

struct pmsg *mp; /* message to unpack from */

2784

struct pmsg *mp2; /* blank message to write on */

{

struct frag *fp;

int cc;

int mlen;

int frl;

if (cc = (mp->m_codef->dec_int)

2792

(mp, (void*)&mlen, 1, 1, sizeof(int)))

2793

return cc;

2794

if (cc = (mp->m_codef->dec_int)

2795

(mp, (void*)&mp2->m_ctx, 1, 1, sizeof(int)))

2796

return cc;

2797

if (cc = (mp->m_codef->dec_int)

2798

(mp, (void*)&mp2->m_tag, 1, 1, sizeof(int)))

2799

return cc;

2800

if (cc = (mp->m_codef->dec_int)

2801

(mp, (void*)&mp2->m_wid, 1, 1, sizeof(int)))

2802

return cc;

2803

if (cc = (mp->m_codef->dec_int)

2804

(mp, (void*)&mp2->m_enc, 1, 1, sizeof(int)))

2805

return cc;

2806

if (cc = (mp->m_codef->dec_int)

2807

(mp, (void*)&mp2->m_crc, 1, 1, sizeof(int)))

2808

return cc;

2809

if (cc = (mp->m_codef->dec_int)

2810

(mp, (void*)&mp2->m_src, 1, 1, sizeof(int)))

2811

return cc;

2812

if (cc = (mp->m_codef->dec_int)

2813

(mp, (void*)&mp2->m_dst, 1, 1, sizeof(int)))

return cc;

mp2->m_len = 0; /* Null Pointer Dereference */

					Exit dm_db / pmsg_unpack

Preconditions

&$unknown_746489 = 1
&$unknown_746490 = 4
&$unknown_746491 = 1
&$unknown_746492 = 64
&$unknown_746494 = 1
&$unknown_746495 = 4
&$unknown_746496 = 1
&$unknown_746497 = 68
numfrags = 0
numpmsgs = 1

Postconditions

freepmsgs.m_link->m_link->m_rlink' = freepmsgs.m_link->m_rlink
freepmsgs.m_link->m_tag' = -2147352552
freepmsgs.m_link->m_rlink->m_link' = freepmsgs.m_link->m_link
$unknown_746457' = &freefrags.fr_link
((char*)&$unknown_746457)[8]' = ((char*)&$unknown_746456)[8]
cc' = 0
freefrags.fr_link' = &$unknown_746457 - 64
freefrags.fr_rlink' = &$unknown_746457
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
hp' = $param_1
mp' = $param_2
mp' = $param_2
mp2' = freepmsgs.m_link
mp2' = 0
mp3' = 0
mp4' = 0
name' = 0
numfrags' = 499
numpmsgs' = numpmsgs - 1
opcode' = 1

Change Warning 2598.2632 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: