
Pvm : Pvm analysis 1 : Buffer Overrun  at pvmd.c:5407

Categories: LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126
Warning ID: 2674.2723
Procedure: master_config
Modified: Wed Sep 2 12:43:08 2009
 
Priority: None
State: None
Finding: None
Owner: None

Problem | Line | Source
   /u1/paul/SATE/2010/c/pvm/pvm3/src/pvmd.c
   Enter master_config
 5317 master_config(hn, argc, argv) 
 5318         char *hn;                       /* hostname or null */ 
 5319         int argc;
 5320         char **argv;
 5321 {
 5322         struct hostent *he;
 5323         struct hostd *hp;
 5324         struct hostd *hp2;
 5325         int i;
 5326         char *s;
 5327  
 5328         if (argc > 2) {
 5329                 pvmlogerror("usage: pvmd3 [-ddebugmask] [-nhostname] [hostfile]\n");
 5330                 pvmbailout(0);
 5331         }
 5332         if (argc == 2) {
 5333                 filehosts = readhostfile(argv[1]);
 5334         }
 5335         else if (s = getenv("PVMHOSTFILE")) {
 5336                 filehosts = readhostfile(s);
 5337         }
 5338         if (pvmdebmask & PDMSTARTUP) {
 5339                 if (filehosts) {
 5340                         pvmlogerror("master_config() host file:\n");
 5341                         ht_dump(filehosts);
 5342  
 5343                 } else 
 5344                         pvmlogerror("master_config() null host file\n");
 5345         }
 5346  
 5347         hosts = ht_new(1);
 5348         hosts->ht_serial = 1;
 5349         hosts->ht_master = 1;
 5350         hosts->ht_cons = 1;
 5351         hosts->ht_local = 1;
 5352  
 5353         hp = hd_new(1);
 5354         hp->hd_name = STRALLOC(hn);   /* Null Pointer Dereference (ID: 2687.2738) */
 5355         hp->hd_arch = STRALLOC(myarchname);   /* Null Pointer Dereference (ID: 2685.2737) */
 5356         hp->hd_mtu = pvmudpmtu;
 5357         hp->hd_dsig = pvmmydsig;
 5358         ht_insert(hosts, hp);
 5359         hd_unref(hp);
 5360  
 5361         hp = hd_new(0);
 5362         hp->hd_name = STRALLOC("pvmd'");   /* Null Pointer Dereference (ID: 2686.2736) */
 5363         hp->hd_arch = STRALLOC(myarchname);   /* Null Pointer Dereference (ID: 2685.2734) */
 5364         hp->hd_mtu = pvmudpmtu;
 5365         hp->hd_dsig = pvmmydsig;
 5366         ht_insert(hosts, hp);
 5367         hd_unref(hp);
 5368  
 5369         /*
 5370         * get attributes from host file if available 
 5371         */ 
 5372  
 5373         hp = hosts->ht_hosts[1];
 5374         if (filehosts &&
 5375                         ((hp2 = nametohost(filehosts, hp->hd_name)) 
 5376                         || (hp2 = filehosts->ht_hosts[0]))) {
 5377                 applydefaults(hp, hp2);
 5378         }
 5379  
 5380         if (!hp->hd_epath) {
 5381                 if ((s = getenv("PVM_PATH")))
 5382                         hp->hd_epath = STRALLOC(s);   /* Null Pointer Dereference (ID: 2683.2732) */
 5383                 else 
 5384                         hp->hd_epath = STRALLOC(DEFBINDIR);   /* Null Pointer Dereference (ID: 2682.2731) */
 5385         }
 5386         epaths = colonsep(varsub(hp->hd_epath));
 5387         if (!hp->hd_bpath)
 5388                 hp->hd_bpath = STRALLOC(DEFDEBUGGER);   /* Null Pointer Dereference (ID: 2680.2729) */
 5389         debugger = varsub(hp->hd_bpath);
 5390         if (!hp->hd_wdir) {
 5391                 if ((s = getenv("PVM_WD")))
 5392                         hp->hd_wdir = STRALLOC(s);   /* Null Pointer Dereference (ID: 2679.2728) */
 5393                 else 
 5394                         hp->hd_wdir = STRALLOC(pvmgethome());   /* Null Pointer Dereference (ID: 2678.2727) */
 5395         }
 5396         s = varsub(hp->hd_wdir);
 5397         if (chdir(s) == -1)   /* Null Pointer Dereference (ID: 2675.2724) */
 5398                 pvmlogperror(s);
 5399         PVM_FREE(s);
 5400  
true | 5401         if (!(he = gethostbyname(hp->hd_aname ? hp->hd_aname : hp->hd_name))) {
 5402                 pvmlogprintf("master_config() %s: can't gethostbyname\n", hn);
 5403                 pvmbailout(0);
 5404         }
 5405  
 5406         BCOPY(he->h_addr_list[0], (char*)&hp->hd_sad.sin_addr,
bytes_after(he) < 32 | 5407                 sizeof(struct in_addr));     /* Buffer Overrun */
Preconditions
$param_2 = 2
((char*)&$unknown_839375)[4] >= 1
((char*)&$heap_105856)[8] >= -1
((char*)&$heap_105864)[144] >= 0
((char*)&$heap_105864)[32] = 0
$input_12 >= 1
$input_60 != 0
Postconditions
((char*)&((char*)$unknown_839374)[8])[184]' = &$heap_105870
((char*)&((char*)$unknown_839374)[8])[40]' = &$heap_105872
((char*)&((char*)$unknown_839374)[8])[48]' = &$heap_105874
((char*)&((char*)$unknown_839374)[8])[56]' = &$heap_105875
argc' = $param_2
argv' = $param_3
atnewline' = 1
debugger' = &$unknown_839378
epaths' = &$heap_105873
filehosts' = &$unknown_839375
ghbn_h_name[0]' = 60
strlen(&ghbn_h_name[0])' = 255
ghbn_h_name[255]' = 0
hd' = &#string17[0]
he' = &stored_hostent.h_name
$heap_105856' = 1
bytes_after(&$heap_105856)' = 40
$heap_105856' is allocated by malloc
$heap_105856' is allocated
bytes_before(&$heap_105856)' = 0
strlen(&$heap_105856)' = 0
((char*)&$heap_105856)[16]' = 1
((char*)&$heap_105856)[20]' = 1
((char*)&$heap_105856)[32]' = &$unknown_839374
((char*)&$heap_105856)[8]' = ((char*)&$heap_105856)[8] + 1
((char*)&$heap_105856)[12]' = 1
$heap_105858' = 1
bytes_after(&$heap_105858)' = 200
$heap_105858' is allocated by malloc
bytes_before(&$heap_105858)' = 0
strlen(&$heap_105858)' = 0
((char*)&$heap_105858)[136]' = &$heap_105859
((char*)&$heap_105858)[152]' = 1
((char*)&$heap_105858)[16]' = &$heap_105863
((char*)&$heap_105858)[168]' = 1000
((char*)&$heap_105858)[176]' = 0
((char*)&$heap_105858)[76]' = pvmmydsig
((char*)&$heap_105858)[8]' = &$heap_105862
((char*)&$heap_105858)[84]' = pvmudpmtu
((char*)&$heap_105858)[88]' = 2
((char*)&$heap_105858)[104]' = 1
((char*)&$heap_105858)[108]' = 1
((char*)&$heap_105858)[112]' = &$heap_105861
((char*)&$heap_105858)[120]' = &$heap_105860
bytes_after(&$heap_105859)' = 184
$heap_105859' is allocated by malloc
$heap_105859' is allocated
bytes_before(&$heap_105859)' = 0
((char*)&$heap_105859)[16]' = 0
((char*)&$heap_105859)[176]' = 0
((char*)&$heap_105859)[24]' = 0
((char*)&$heap_105859)[32]' = 0
((char*)&$heap_105859)[40]' = 0
bytes_after(&$heap_105860)' = 184
$heap_105860' is allocated by malloc
$heap_105860' is allocated
bytes_before(&$heap_105860)' = 0
((char*)&$heap_105860)[16]' = 0
((char*)&$heap_105860)[176]' = 0
((char*)&$heap_105860)[24]' = 0
((char*)&$heap_105860)[32]' = 0
((char*)&$heap_105860)[40]' = 0
bytes_after(&$heap_105861)' = 184
$heap_105861' is allocated by malloc
$heap_105861' is allocated
bytes_before(&$heap_105861)' = 0
((char*)&$heap_105861)[16]' = 0
((char*)&$heap_105861)[176]' = 0
((char*)&$heap_105861)[24]' = 0
((char*)&$heap_105861)[32]' = 0
((char*)&$heap_105861)[40]' = 0
$heap_105862' = *$param_1
bytes_after(&$heap_105862)' = strlen($param_1) + 1
$heap_105862' is allocated by malloc
$heap_105862' is allocated
bytes_before(&$heap_105862)' = 0
strlen(&$heap_105862)' = strlen($param_1)
$heap_105863' = *myarchname
bytes_after(&$heap_105863)' = strlen(myarchname) + 1
$heap_105863' is allocated by malloc
$heap_105863' is allocated
bytes_before(&$heap_105863)' = 0
strlen(&$heap_105863)' = strlen(myarchname)
$heap_105864' = 0
bytes_after(&$heap_105864)' = 200
$heap_105864' is allocated by malloc
$heap_105864' is freed
bytes_before(&$heap_105864)' = 0
strlen(&$heap_105864)' = 0
((char*)&$heap_105864)[136]' = &$heap_105867
((char*)&$heap_105864)[152]' = 1
((char*)&$heap_105864)[16]' = &$heap_105869
((char*)&$heap_105864)[168]' = 1000
((char*)&$heap_105864)[176]' = 0
((char*)&$heap_105864)[76]' = pvmmydsig
((char*)&$heap_105864)[8]' = &$heap_105868
((char*)&$heap_105864)[84]' = pvmudpmtu
((char*)&$heap_105864)[88]' = 2
((char*)&$heap_105864)[104]' = 1
((char*)&$heap_105864)[108]' = 1
((char*)&$heap_105864)[112]' = &$heap_105866
((char*)&$heap_105864)[120]' = &$heap_105865
bytes_after(&$heap_105865)' = 184
$heap_105865' is allocated by malloc
bytes_before(&$heap_105865)' = 0
((char*)&$heap_105865)[176]' = 0
((char*)&$heap_105865)[32]' = 0
((char*)&$heap_105865)[40]' = 0
bytes_after(&$heap_105866)' = 184
$heap_105866' is allocated by malloc
bytes_before(&$heap_105866)' = 0
((char*)&$heap_105866)[16]' = 0
((char*)&$heap_105866)[176]' = 0
((char*)&$heap_105866)[24]' = 0
((char*)&$heap_105866)[32]' = 0
((char*)&$heap_105866)[40]' = 0
$heap_105867' = &$heap_105867
bytes_after(&$heap_105867)' = 184
$heap_105867' is allocated by malloc
bytes_before(&$heap_105867)' = 0
((char*)&$heap_105867)[176]' = 0
((char*)&$heap_105867)[32]' = 0
((char*)&$heap_105867)[40]' = 0
((char*)&$heap_105867)[8]' = &$heap_105867
$heap_105868' = 112
bytes_after(&$heap_105868)' = 6
$heap_105868' is allocated by malloc
bytes_before(&$heap_105868)' = 0
strlen(&$heap_105868)' = 5
$heap_105869' = *myarchname
bytes_after(&$heap_105869)' = strlen(myarchname) + 1
$heap_105869' is allocated by malloc
bytes_before(&$heap_105869)' = 0
strlen(&$heap_105869)' = strlen(myarchname)
bytes_after(&$heap_105870)' = strlen(((char*)&$unknown_839376)[184]) + 1
$heap_105870' is allocated by malloc
$heap_105870' is allocated
bytes_before(&$heap_105870)' = 0
strlen(&$heap_105870)' = strlen(((char*)&$unknown_839376)[184])
$heap_105871' = $input_60
bytes_after(&$heap_105871)' = $input_12 + 1
$heap_105871' is allocated by malloc
$heap_105871' is a non-heap object
bytes_before(&$heap_105871)' = 0
strlen(&$heap_105871)' = $input_12
$heap_105872' = $input_60
bytes_after(&$heap_105872)' = $input_12 + 1
$heap_105872' is allocated by malloc
$heap_105872' is allocated
bytes_before(&$heap_105872)' = 0
$heap_105873' = &$unknown_839377
$heap_105873' is allocated by malloc
$heap_105873' is allocated
bytes_before(&$heap_105873)' = 0
((char*)&$heap_105873)[8]' = 0
$heap_105874' = 36
bytes_after(&$heap_105874)' = 23
$heap_105874' is allocated by malloc
$heap_105874' is allocated
bytes_before(&$heap_105874)' = 0
bytes_after(&$heap_105875)' = 2
$heap_105875' is allocated by malloc
$heap_105875' is allocated
bytes_before(&$heap_105875)' = 0
strlen(&$heap_105875)' = strlen(&$unknown_839379)
$heap_105876' is allocated by malloc
$heap_105876' is freed
bytes_before(&$heap_105876)' = 0
hn' = $param_1
hosts' = &$heap_105856
hp' = ((char*)&$unknown_839374)[8]
hp2' = &$unknown_839376
s' = &$heap_105876
tmbuf.tm_sec' = &$unknown_839380



