Text  |   XML   |   Visible Warnings:

Pvm : Pvm analysis 1 : Buffer Overrun  at lpvmgen.c:3119

Categories: LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126
Warning ID: 2801.2861
Procedure: pvmgetenvars
Trace: View
Modified: Wed Sep 2 12:47:28 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /u1/paul/SATE/2010/c/pvm/pvm3/src/lpvmgen.c
   Enter pvmgetenvars
&$unknown_1918028 > 2003098 pvmgetenvars(ep) 
 3099         char ***ep;
 3100 {
 3101         char **xpl;                     /* vars to export */ 
 3102         int mxpl;                       /* cur length of xpl */ 
 3103         int nxpl;                       /* num vars found */ 
 3104         char buf[200];
 3105         char *p, *q;
 3106         int n;
 3107  
&$unknown_1918030 > 2003108         if (p = getenv("PVM_EXPORT")) {
&$unknown_1918036 > 2003109                 mxpl = 5;
&$unknown_1918037 > 2003110                 xpl = TALLOC(mxpl, char *, "env");
&$unknown_1918041 > 2003111                 xpl[0] = p - 11;   /* Null Pointer Dereference (ID: 2803.2863) */
&$unknown_1918042 > 2003112                 nxpl = 1;
&$unknown_1918043 > 2003113                 while (1) {
&$unknown_1918044 > 2003114                         while (*p == ':')
&$unknown_1918045 > 2003115                                 p++;
&$unknown_1918047 > 2003116                         if (!*p)
 3117                                 break;
&$unknown_1918048 > 2003118                         n = (q = CINDEX(p, ':')) ? q - p : strlen(p);
n > 2003119                         strncpy(buf, p, n);     /* Buffer Overrun */  /* strncpy Does Not Null-terminate (ID: 2802.2862) */
Preconditions 
&$unknown_1918057 >= 1
((char*)&$heap_186465)[1] != 0
((char*)&$heap_186465)[1] != 58
$input_12 = &$unknown_1918057 + 1
$input_12 >= 2
Postconditions 
buf[0]' = ((char*)&$heap_186465)[1]
ep' = $param_1
$heap_186465' = 58
bytes_after(&$heap_186465)' = $input_12 + 1
$heap_186465' is allocated by malloc
bytes_before(&$heap_186465)' = 0
strlen(&$heap_186465)' = $input_12
$heap_186466' = &$heap_186465 - 11
bytes_after(&$heap_186466)' = 40
$heap_186466' is allocated by malloc
$heap_186466' is allocated
bytes_before(&$heap_186466)' = 0
mxpl' = 5
n' = $input_12 - 1
nxpl' = 1
p' = &$heap_186465 + 1
q' = 0
xpl' = &$heap_186466



Change Warning 2801.2861 : Buffer Overrun

Priority:
State:
Finding:
Owner:
Note: