CodeSonar : Pvm : Buffer Underrun

Pvm : Pvm analysis 1 : Buffer Underrun at tdpro.c:1910

Categories:	LANG.MEM.BU CWE:124 CWE:127
Warning ID:	2719.2772
Procedure:	tm_mca
Trace:	View
Modified:	Wed Sep 2 12:44:23 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/src/tdpro.c

			Enter tm_mca

tm_mca(tp, mp)

struct task *tp;

struct pmsg *mp;

{

struct mca *mcap; /* mca descriptor */

1868

int ndst; /* num of dst tids */

1869

int *dsts; /* dst tids */

int tid;

int i, j;

* unpack list of dst tids from message (expect it to be sorted).

1875

* discard tids to nonexistent foreign hosts.

mcap = mca_new ();

mcap->mc_tid = TIDGID | tp->t_tid; /* Null Pointer Dereference (ID: 2724.2777) */

1880

upkint(mp, &ndst );

true

1881

dsts = TALLOC(ndst, int, "dsts");

bytes_before(dsts) < 4

1882

for ( i=0, j=0 ; i < ndst ; i++ ) {

1883

upkuint(mp, &tid );

1884

if ((tid & tidhmask) == myhostpart || tidtohost (hosts, tid ))

j <= ( -8 * bytes_before(dsts) + 31 ) / 32

1885

dsts[j++] = tid; /* Null Pointer Dereference (ID: 2723.2776) */

1886

}

j <= ( -8 * bytes_before(dsts) + 63 ) / 32

ndst = j;

if (ndst < 1)

goto noguys;

* send DM_MCA messages containing tids to destination hosts

1894

* make list of destination hosts for us

1895

1896

1897

mcap->mc_dsts = TALLOC(ndst, int, "mcal"); /* XXX cheat, too much space */

1898

mcap->mc_ndst = 0; /* Useless Assignment (ID: 2717.2770) */

1899

1900

for (j = 0; j < ndst; ) {

1901

i = j;

1902

tid = dsts[i] & tidhmask; /* Null Pointer Dereference (ID: 2721.2774) */

ndst <= ( -8 * bytes_before(dsts) + 63 ) / 32

1903

while (++j < ndst && tid == (dsts[j] & tidhmask)) ;

1904

mp = mesg_new (0);

1905

mp->m_dst = (tid |= TIDPVMD); /* Null Pointer Dereference (ID: 2720.2773) */

1906

mp->m_tag = DM_MCA;

1907

pkint(mp, mcap->mc_tid );

1908

pkint(mp, j - i );

j <= ( -8 * bytes_before(dsts) + 63 ) / 32

1909

while (i < j)

i <= ( -8 * bytes_before(dsts) - 1 ) / 32

1910

pkint(mp, dsts[i++]); /* Buffer Underrun */

1911

sendmessage(mp );

1912

mcap->mc_dsts[mcap->mc_ndst++] = tid; /* Null Pointer Dereference (ID: 2718.2771) */

Preconditions

&$unknown_1051352 != 0
hosts->ht_last >= 1

Postconditions

((char*)$unknown_1051355)[8]' = ((char*)&$unknown_1051355)[8]
((char*)$unknown_1051356)[8]' = ((char*)&$unknown_1051356)[8]
((char*)$unknown_1051355)[8]' = $unknown_1051355
((char*)$unknown_1051356)[8]' = $unknown_1051356
$unknown_1051355' = &$unknown_1051355
((char*)&$unknown_1051355)[16]' = 0
((char*)&$unknown_1051355)[24]' = 0
((char*)&$unknown_1051355)[32]' = 0
((char*)&$unknown_1051355)[36]' = 0
((char*)&$unknown_1051355)[40]' = 1
((char*)&$unknown_1051355)[42]' = 1
((char*)&$unknown_1051355)[42]' = 0
((char*)&$unknown_1051355)[60]' = 0
((char*)&$unknown_1051355)[8]' = &$unknown_1051355
((char*)&$unknown_1051356)[16]' = &$unknown_1051358
dsts' = &$heap_161555
freefrags.fr_link' = &$unknown_1051355
freepmsgs.m_link' = &$unknown_1051356
$heap_161554' = &$heap_161554
bytes_after(&$heap_161554)' = 32
$heap_161554' is allocated by malloc
$heap_161554' is allocated
bytes_before(&$heap_161554)' = 0
((char*)&$heap_161554)[24]' = &$heap_161556
((char*)&$heap_161554)[8]' = &$heap_161554
bytes_after(&$heap_161555)' = 4
$heap_161555' is allocated by malloc
$heap_161555' is allocated
bytes_before(&$heap_161555)' = 0
bytes_after(&$heap_161556)' = 4
$heap_161556' is allocated by malloc
$heap_161556' is allocated
bytes_before(&$heap_161556)' = 0
i' = 0
j' = 1
mcap' = &$heap_161554
mp' = &$unknown_1051356
ndst' = 1
tp' = $param_1

Change Warning 2719.2772 : Buffer Underrun

Priority:
State:
Finding:
Owner:
Note: