
Pvm : Pvm analysis 1 : Buffer Overrun  at pvmd.c:5238

Categories: LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126
Warning ID: 2676.2725
Procedure: varsub
Trace: View
Modified: Wed Sep 2 12:43:12 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None

Source  |  Language: C
Problem | Line | Source
   /u1/paul/SATE/2010/c/pvm/pvm3/src/pvmd.c
   Enter master_config
 5317 master_config(hn, argc, argv) 
 5318         char *hn;                       /* hostname or null */ 
 5319         int argc;
 5320         char **argv;
 5321 {
 5322         struct hostent *he;
 5323         struct hostd *hp;
 5324         struct hostd *hp2;
 5325         int i;
 5326         char *s;
 5327  
 5328         if (argc > 2) {
 5329                 pvmlogerror("usage: pvmd3 [-ddebugmask] [-nhostname] [hostfile]\n");
 5330                 pvmbailout(0);
 5331         }
 5332         if (argc == 2) {
 5333                 filehosts = readhostfile(argv[1]);
 5334         }
 5335         else if (s = getenv("PVMHOSTFILE")) {
 5336                 filehosts = readhostfile(s);
 5337         }
 5338         if (pvmdebmask & PDMSTARTUP) {
 5339                 if (filehosts) {
 5340                         pvmlogerror("master_config() host file:\n");
 5341                         ht_dump(filehosts);
 5342  
 5343                 } else 
 5344                         pvmlogerror("master_config() null host file\n");
 5345         }
 5346  
 5347         hosts = ht_new(1);
 5348         hosts->ht_serial = 1;
 5349         hosts->ht_master = 1;
 5350         hosts->ht_cons = 1;
 5351         hosts->ht_local = 1;
 5352  
 5353         hp = hd_new(1);
 5354         hp->hd_name = STRALLOC(hn);   /* Null Pointer Dereference (ID: 2687.2738) */
 5355         hp->hd_arch = STRALLOC(myarchname);   /* Null Pointer Dereference (ID: 2685.2737) */
 5356         hp->hd_mtu = pvmudpmtu;
 5357         hp->hd_dsig = pvmmydsig;
 5358         ht_insert(hosts, hp);
 5359         hd_unref(hp);
 5360  
 5361         hp = hd_new(0);
 5362         hp->hd_name = STRALLOC("pvmd'");   /* Null Pointer Dereference (ID: 2686.2736) */
 5363         hp->hd_arch = STRALLOC(myarchname);   /* Null Pointer Dereference (ID: 2685.2734) */
 5364         hp->hd_mtu = pvmudpmtu;
 5365         hp->hd_dsig = pvmmydsig;
 5366         ht_insert(hosts, hp);
 5367         hd_unref(hp);
 5368  
 5369         /*
 5370         * get attributes from host file if available 
 5371         */ 
 5372  
 5373         hp = hosts->ht_hosts[1];
 5374         if (filehosts &&
 5375                         ((hp2 = nametohost(filehosts, hp->hd_name)) 
 5376                         || (hp2 = filehosts->ht_hosts[0]))) {
 5377                 applydefaults(hp, hp2);
 5378         }
 5379  
 5380         if (!hp->hd_epath) {
 5381                 if ((s = getenv("PVM_PATH")))
 5382                         hp->hd_epath = STRALLOC(s);   /* Null Pointer Dereference (ID: 2683.2732) */
 5383                 else 
 5384                         hp->hd_epath = STRALLOC(DEFBINDIR);   /* Null Pointer Dereference (ID: 2682.2731) */
 5385         }
 5386         epaths = colonsep(varsub(hp->hd_epath));
 5387         if (!hp->hd_bpath)
 5388                 hp->hd_bpath = STRALLOC(DEFDEBUGGER);   /* Null Pointer Dereference (ID: 2680.2729) */
 5389         debugger = varsub(hp->hd_bpath);
 5390         if (!hp->hd_wdir) {
 5391                 if ((s = getenv("PVM_WD")))
 5392                         hp->hd_wdir = STRALLOC(s);   /* Null Pointer Dereference (ID: 2679.2728) */
 5393                 else 
[true]  5394                         hp->hd_wdir = STRALLOC(pvmgethome());   /* Null Pointer Dereference (ID: 2678.2727) */
 5395         }
[bytes_after(hp->hd_wdir) < 3]  5396         s = varsub(hp->hd_wdir);
     Enter master_config / varsub
 5205   char * 
[bytes_after($param_1) < 3]  5206   varsub(s) 
 5207           char *s;
 5208   {
 5209           int rm = 8;             /* length of result string space */ 
 5210           char *r;                /* result string */ 
 5211           int rl = 0;
 5212           char *p;
 5213           char *vn, *vv;
 5214           char c;
 5215           int l;
 5216    
 5217           r = TALLOC(rm, char, "var");
 5218           while (*s) {   /* Null Pointer Dereference (ID: 2556.2587) */
[bytes_after(s) < 3]  5219                   for (p = s; *p && *p != '$'; p++) ;
 5220                   if (l = p - s) {
 5221                           if (rl + l >= rm) {
 5222                                   rm = rl + l + 1;
 5223                                   r = TREALLOC(r, rm, char);
 5224                           }
 5225                           strncpy(r + rl, s, l);   /* Null Pointer Dereference (ID: 2549.2580) */
 5226                           rl += l;
 5227                   }
[bytes_after(p) < 3]  5228                   s = p++;
 5229                   if (*s == '$') {
 5230                           if (*p == '{')
[bytes_after(p) < 2]  5231                                   p++;
[bytes_after(p) < 1]  5232                           vn = p;
 5233                           while (isalnum(*p) || *p == '_')   /* Buffer Overrun (ID: 2677.2726) */  /* Negative Character Value (ID: 2418.2435) */
 5234                                   p++;
 5235                           c = *p;
 5236                           *p = 0;
 5237    
[bytes_after(vn) < 1]  5238                           vv = getenv(vn);     /* Buffer Overrun */
     Exit master_config / varsub
Preconditions
$param_2 = 2
&$heap_115227 <= &$unknown_849616 - 2
((char*)&$unknown_849609)[4] >= 1
strlen(&$unknown_849614) != 1
strlen(&$unknown_849614) > 0
((char*)&$unknown_849616)[1] != 95
((char*)&$heap_115208)[8] >= -1
((char*)&$heap_115216)[144] >= 0
((char*)&$heap_115216)[32] = 0
$heap_115227 = 36
((char*)&$heap_115227)[1] = 123
$input_12 >= 1
$input_60 != 0
Postconditions
((char*)&$unknown_849610)[184]' = &$heap_115222
((char*)&$unknown_849610)[40]' = &$heap_115224
((char*)&$unknown_849610)[48]' = &$heap_115226
((char*)&$unknown_849610)[56]' = &$heap_115227
strlen(&$unknown_849616)' = 1
((char*)&$unknown_849616)[1]' = 0
argc' = $param_2
argv' = $param_3
atnewline' = 1
c' = ((char*)&$unknown_849616)[1]
debugger' = &$unknown_849613
epaths' = &$heap_115225
filehosts' = &$unknown_849609
hd' = &#string17[0]
$heap_115208' = 1
bytes_after(&$heap_115208)' = 40
$heap_115208' is allocated by malloc
$heap_115208' is allocated
bytes_before(&$heap_115208)' = 0
strlen(&$heap_115208)' = 0
((char*)&$heap_115208)[16]' = 1
((char*)&$heap_115208)[20]' = 1
((char*)&$heap_115208)[8]' = ((char*)&$heap_115208)[8] + 1
((char*)&$heap_115208)[12]' = 1
$heap_115210' = 1
bytes_after(&$heap_115210)' = 200
$heap_115210' is allocated by malloc
bytes_before(&$heap_115210)' = 0
strlen(&$heap_115210)' = 0
((char*)&$heap_115210)[136]' = &$heap_115211
((char*)&$heap_115210)[152]' = 1
((char*)&$heap_115210)[16]' = &$heap_115215
((char*)&$heap_115210)[168]' = 1000
((char*)&$heap_115210)[176]' = 0
((char*)&$heap_115210)[76]' = pvmmydsig
((char*)&$heap_115210)[8]' = &$heap_115214
((char*)&$heap_115210)[84]' = pvmudpmtu
((char*)&$heap_115210)[88]' = 2
((char*)&$heap_115210)[104]' = 1
((char*)&$heap_115210)[108]' = 1
((char*)&$heap_115210)[112]' = &$heap_115213
((char*)&$heap_115210)[120]' = &$heap_115212
$heap_115211' = &$heap_115211
bytes_after(&$heap_115211)' = 184
$heap_115211' is allocated by malloc
$heap_115211' is allocated
bytes_before(&$heap_115211)' = 0
((char*)&$heap_115211)[16]' = 0
((char*)&$heap_115211)[176]' = 0
((char*)&$heap_115211)[24]' = 0
((char*)&$heap_115211)[32]' = 0
((char*)&$heap_115211)[40]' = 0
((char*)&$heap_115211)[8]' = &$heap_115211
bytes_after(&$heap_115212)' = 184
$heap_115212' is allocated by malloc
$heap_115212' is allocated
bytes_before(&$heap_115212)' = 0
((char*)&$heap_115212)[16]' = 0
((char*)&$heap_115212)[176]' = 0
((char*)&$heap_115212)[24]' = 0
((char*)&$heap_115212)[32]' = 0
((char*)&$heap_115212)[40]' = 0
bytes_after(&$heap_115213)' = 184
$heap_115213' is allocated by malloc
$heap_115213' is allocated
bytes_before(&$heap_115213)' = 0
((char*)&$heap_115213)[16]' = 0
((char*)&$heap_115213)[176]' = 0
((char*)&$heap_115213)[24]' = 0
((char*)&$heap_115213)[32]' = 0
((char*)&$heap_115213)[40]' = 0
$heap_115214' = *$param_1
bytes_after(&$heap_115214)' = strlen($param_1) + 1
$heap_115214' is allocated by malloc
$heap_115214' is allocated
bytes_before(&$heap_115214)' = 0
strlen(&$heap_115214)' = strlen($param_1)
$heap_115215' = *myarchname
bytes_after(&$heap_115215)' = strlen(myarchname) + 1
$heap_115215' is allocated by malloc
$heap_115215' is allocated
bytes_before(&$heap_115215)' = 0
strlen(&$heap_115215)' = strlen(myarchname)
$heap_115216' = 0
bytes_after(&$heap_115216)' = 200
$heap_115216' is allocated by malloc
$heap_115216' is freed
bytes_before(&$heap_115216)' = 0
strlen(&$heap_115216)' = 0
((char*)&$heap_115216)[136]' = &$heap_115219
((char*)&$heap_115216)[152]' = 1
((char*)&$heap_115216)[16]' = &$heap_115221
((char*)&$heap_115216)[168]' = 1000
((char*)&$heap_115216)[176]' = 0
((char*)&$heap_115216)[76]' = pvmmydsig
((char*)&$heap_115216)[8]' = &$heap_115220
((char*)&$heap_115216)[84]' = pvmudpmtu
((char*)&$heap_115216)[88]' = 2
((char*)&$heap_115216)[104]' = 1
((char*)&$heap_115216)[108]' = 1
((char*)&$heap_115216)[112]' = &$heap_115218
((char*)&$heap_115216)[120]' = &$heap_115217
bytes_after(&$heap_115217)' = 184
$heap_115217' is allocated by malloc
bytes_before(&$heap_115217)' = 0
((char*)&$heap_115217)[176]' = 0
((char*)&$heap_115217)[32]' = 0
((char*)&$heap_115217)[40]' = 0
bytes_after(&$heap_115218)' = 184
$heap_115218' is allocated by malloc
bytes_before(&$heap_115218)' = 0
((char*)&$heap_115218)[16]' = 0
((char*)&$heap_115218)[176]' = 0
((char*)&$heap_115218)[24]' = 0
((char*)&$heap_115218)[32]' = 0
((char*)&$heap_115218)[40]' = 0
bytes_after(&$heap_115219)' = 184
$heap_115219' is allocated by malloc
bytes_before(&$heap_115219)' = 0
((char*)&$heap_115219)[176]' = 0
((char*)&$heap_115219)[32]' = 0
((char*)&$heap_115219)[40]' = 0
$heap_115220' = 112
bytes_after(&$heap_115220)' = 6
$heap_115220' is allocated by malloc
bytes_before(&$heap_115220)' = 0
strlen(&$heap_115220)' = 5
$heap_115221' = *myarchname
bytes_after(&$heap_115221)' = strlen(myarchname) + 1
$heap_115221' is allocated by malloc
bytes_before(&$heap_115221)' = 0
strlen(&$heap_115221)' = strlen(myarchname)
bytes_after(&$heap_115222)' = strlen(((char*)&$unknown_849611)[184]) + 1
$heap_115222' is allocated by malloc
$heap_115222' is allocated
bytes_before(&$heap_115222)' = 0
strlen(&$heap_115222)' = strlen(((char*)&$unknown_849611)[184])
$heap_115223' = $input_60
bytes_after(&$heap_115223)' = $input_12 + 1
$heap_115223' is allocated by malloc
$heap_115223' is a non-heap object
bytes_before(&$heap_115223)' = 0
strlen(&$heap_115223)' = $input_12
$heap_115224' = $input_60
bytes_after(&$heap_115224)' = $input_12 + 1
$heap_115224' is allocated by malloc
$heap_115224' is allocated
bytes_before(&$heap_115224)' = 0
$heap_115225' = &$unknown_849612
$heap_115225' is allocated by malloc
$heap_115225' is allocated
bytes_before(&$heap_115225)' = 0
((char*)&$heap_115225)[8]' = 0
$heap_115226' = 36
bytes_after(&$heap_115226)' = 23
$heap_115226' is allocated by malloc
$heap_115226' is allocated
bytes_before(&$heap_115226)' = 0
bytes_after(&$heap_115227)' = 2
$heap_115227' is allocated by malloc
$heap_115227' is allocated
bytes_before(&$heap_115227)' = 0
strlen(&$heap_115227)' = strlen(&$unknown_849614)
$heap_115228' = $heap_115227
bytes_after(&$heap_115228)' = 8
$heap_115228' is allocated by malloc
$heap_115228' is allocated
bytes_before(&$heap_115228)' = 0
strlen(&$heap_115228)' = strlen(&$unknown_849614)
hn' = $param_1
hosts' = &$heap_115208
hp' = &$unknown_849610
hp2' = &$unknown_849611
p' = &$unknown_849616 + 1
r' = &$heap_115228
rl' = l'
rm' = 8
s' = &$heap_115227
s' = 0
vn' = &$heap_115227 + 2



