CodeSonar : Pvm : Null Pointer Dereference

Pvm : Pvm analysis 1 : Null Pointer Dereference at trcmess.c:768

Categories:

LANG.MEM.NPD CWE:476

Warning ID:

2861.2925

Similar Warnings:

2861.2926

Procedure:

trc_handle_trace_message

Trace:

View

Modified:

Wed Sep 2 12:50:43 2009 show details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/u1/paul/SATE/2010/c/pvm/pvm3/tracer/trcmess.c

			Enter trc_handle_trace_message

377

trc_handle_trace_message( ID, src )

TRC_ID ID;

int src;

{

TRC_DATADESC DD;

TRC_TEVDESC TD;

TRC_TEVTASK TT;

TRC_HOST H;

...

int tusec;

int tsec;

int ecnt;

int eid;

int tid;

int dt;

int marker;

int nest;

ecnt = 0;

TRC_PVMCKERR ( pvm_upkint( &marker , 1, 1 ),

417

"Unpacking Trace Message", return( ecnt ) );

418

419

/* Old PVM 3.3 Trace Format */

if ( marker > 0 )

{

tsec = marker;

TRC_PVMCKERR ( pvm_upkint( &tusec , 1, 1 ),

426

"Event Parse Error", return( ecnt ) );

427

428

TRC_PVMCKERR ( pvm_upkint( &tid , 1, 1 ),

429

"Event Parse Error", return( ecnt ) );

430

431

TRC_PVMCKERR ( pvm_upkint( &eid , 1, 1 ),

...

433

434

ecnt += trc_store_old_trace_event( ID, tsec, tusec, tid, eid ); /* Uninitialized Variable (ID: 2863.2928) */

return( ecnt );

}

/* New PVM 3.4 Format */

440

441

/* Get Task & Host Info */

442

443

TT = trc_get_tevtask_tid( ID, src );

444

445

pvmd_tid = pvm_tidtohost( src );

446

447

if ( !pvmd_tid )

448

pvmd_tid = pvm_tidtohost( TRC_TID );

449

450

H = trc_get_host_tid( pvmd_tid );

451

452

/* Set Leftover Event Omit Flag */

453

454

omit = ( ID->trace_out == NULL

true

455

|| ( TT != NULL && TRC_TASK_OMIT( TT ) ) )

456

? TRC_TRUE : TRC_FALSE;

457

458

/* Process Event Message */

nest = 0;

done = 0;

{

switch ( marker )

{

case TEV_MARK_EVENT_BUFFER:

{

nest++;

break;

}

case TEV_MARK_EVENT_BUFFER_END:

{

if ( !(--nest) )

done++;

break;

}

case TEV_MARK_DATA_ID:

{

did_done = 0;

{

TRC_PVMCKERR ( pvm_upkint( &did_int , 1, 1 ),

490

"Data ID Message", return( ecnt ) );

491

492

if ( did_int != TEV_MARK_DATA_ID_END )

493

{

494

TRC_PVMCKERR ( pvm_upkstr( did ),

495

"Data ID Name", return( ecnt ) );

496

497

TRC_PVMCKERR ( pvm_upkstr( diddesc ),

498

"Data ID Description", return( ecnt ) );

499

500

dptr = (TRC_DID) trc_lookup_trie ( TRC_DID_TRIE,

did );

if ( dptr == NULL

|| dptr->id != did_int

505

|| strcmp( dptr->desc, diddesc ) )

506

{

507

dptr = trc_create_did();

dptr->id = did_int;

dptr->name = trc_copy_str ( did );

512

513

dptr->desc = trc_copy_str ( diddesc );

514

515

dptr->next = TRC_DID_LIST;

TRC_DID_LIST = dptr;

trc_add_to_trie( TRC_DID_TRIE,

520

dptr->name, (void *) dptr );

521

}

522

523

trc_set_didlist( H, dptr );

}

else

did_done++;

}

while ( !did_done );

if ( !nest )

done++;

break;

}

case TEV_MARK_EVENT_DESC:

538

{

539

TD = trc_create_tevdesc(); /* Leak (ID: 2859.2923) */

TD->refcount = 1;

TRC_PVMCKERR ( pvm_upkint( &eid , 1, 1 ),

544

"Event Descriptor ID", return( ecnt ) );

545

546

TD->eid = eid & ~( TEV_EVENT_ENTRY | TEV_EVENT_EXIT );

547

548

if ( eid & TEV_EVENT_ENTRY )

549

TD->entry_exit = TRC_ENTRY_TEV;

550

551

else if ( eid & TEV_EVENT_EXIT )

552

TD->entry_exit = TRC_EXIT_TEV;

553

554

else

555

TD->entry_exit = TRC_IGNORE_TEV;

556

557

TRC_PVMCKERR ( pvm_upkstr( tmp ),

558

"Event Descriptor Name", return( ecnt ) );

559

560

TD->name = trc_copy_str ( tmp );

desc_done = 0;

{

TRC_PVMCKERR ( pvm_upkint( &did_int , 1, 1 ),

567

"Semantic Data ID", return( ecnt ) );

568

569

if ( did_int != TEV_MARK_EVENT_DESC_END )

570

{

571

if ( TD->ddesc == NULL )

572

DD = TD->ddesc = trc_create_datadesc();

573

574

else

575

DD = DD->next = trc_create_datadesc();

576

577

if ( H->didlist == NULL ) /* Null Pointer Dereference (ID: 2860.2924) */

578

{

579

printf(

580

"Warning: Missing DID List For Host %s\n",

H->name );

}

DD->did = trc_get_did( H, did_int );

585

586

if ( DD->did == NULL )

587

{

588

printf( "Error: DID=%d Not Found\n",

589

did_int );

590

591

trc_free_tevdesc( &TD );

return( ecnt );

}

TRC_PVMCKERR ( pvm_upkint( &dt , 1, 1 ),

597

"Data Type", return( ecnt ) );

598

599

DD->dt = dt &

600

~( TEV_DATA_SCALAR | TEV_DATA_ARRAY );

601

602

DD->array = dt &

603

( TEV_DATA_SCALAR | TEV_DATA_ARRAY );

604

605

if ( !trc_unpack_data_value( DD ) )

606

{

607

trc_free_tevdesc( &TD );

return( ecnt );

}

}

else

desc_done++;

}

while ( !desc_done );

617

618

dump_event = trc_add_tevdesc( ID, &TD, src, omit );

619

620

trc_set_tevlist( TT, H, TD );

621

622

if ( TD->dump )

623

trc_dump_tevdesc( ID, TD, src );

624

625

if ( dump_event )

626

trc_store_data_values( ID, TD, src, omit );

if ( !omit )

ecnt++;

if ( !nest )

done++;

break;

}

case TEV_MARK_USER_EVENT_RECORD:

638

{

639

TD = trc_create_tevdesc(); /* Leak (ID: 2859.2922) */

TD->refcount = 1;

TRC_PVMCKERR ( pvm_upkint( &eid , 1, 1 ),

644

"Event Descriptor ID", return( ecnt ) );

645

646

TD->eid = eid & ~( TEV_EVENT_ENTRY | TEV_EVENT_EXIT );

647

648

if ( eid & TEV_EVENT_ENTRY )

649

TD->entry_exit = TRC_ENTRY_TEV;

650

651

else if ( eid & TEV_EVENT_EXIT )

652

TD->entry_exit = TRC_EXIT_TEV;

653

654

else

655

TD->entry_exit = TRC_IGNORE_TEV;

656

657

TRC_PVMCKERR ( pvm_upkstr( tmp ),

658

"Event Descriptor Name", return( ecnt ) );

659

660

TD->name = trc_copy_str ( tmp );

661

662

/* Yank Out Hardwired Timestamp */

663

664

DD = TD->ddesc = trc_create_datadesc();

665

666

DD->did = trc_get_did( (TRC_HOST) NULL, TEV_DID_TS );

667

668

DD->dt = TEV_DATA_INT;

669

DD->array = TEV_DATA_SCALAR;

670

671

if ( !trc_unpack_data_value( DD ) )

672

{

673

trc_free_tevdesc( &TD );

return( ecnt );

}

DD = DD->next = trc_create_datadesc();

679

680

DD->did = trc_get_did( (TRC_HOST) NULL, TEV_DID_TU );

681

682

DD->dt = TEV_DATA_INT;

683

DD->array = TEV_DATA_SCALAR;

684

685

if ( !trc_unpack_data_value( DD ) )

686

{

687

trc_free_tevdesc( &TD );

return( ecnt );

}

desc_done = 0;

{

TRC_PVMCKERR ( pvm_upkint( &dt , 1, 1 ),

697

"Data Type", return( ecnt ) );

698

699

if ( dt != TEV_MARK_USER_EVENT_RECORD_END )

700

{

701

DD = DD->next = trc_create_datadesc();

702

703

DD->dt = dt &

704

~( TEV_DATA_SCALAR | TEV_DATA_ARRAY );

705

706

DD->array = dt &

707

( TEV_DATA_SCALAR | TEV_DATA_ARRAY );

708

709

if ( !trc_unpack_data_value( DD ) )

710

{

711

trc_free_tevdesc( &TD );

return( ecnt );

}

}

else

desc_done++;

}

while ( !desc_done );

721

722

dump_event = trc_add_tevdesc( ID, &TD, src, omit );

723

724

if ( TD->dump )

725

trc_dump_tevdesc( ID, TD, src );

726

727

if ( dump_event )

728

trc_store_data_values( ID, TD, src, omit );

if ( !omit )

ecnt++;

if ( !nest )

done++;

break;

}

case TEV_MARK_EVENT_RECORD:

740

{

741

TRC_PVMCKERR ( pvm_upkint( &eid , 1, 1 ),

742

"Event ID", return( ecnt ) );

743

744

if ( eid & TEV_EVENT_ENTRY )

745

entry_exit = TRC_ENTRY_TEV;

746

747

else if ( eid & TEV_EVENT_EXIT )

748

entry_exit = TRC_EXIT_TEV;

749

750

else

751

entry_exit = TRC_IGNORE_TEV;

752

753

eid &= ~( TEV_EVENT_ENTRY | TEV_EVENT_EXIT );

754

755

TD = trc_get_tevdesc( TT, H, eid, entry_exit );

if ( TD != NULL )

{

if ( trc_store_trace_event( ID, TD, src, omit ) )

ecnt++;

}

else

{

printf(

"Error: Event ID %d(%d) %s T(%d/%x) H(%d/%x)\n",

767

eid, entry_exit, "Descriptor Not Found",

TT <= 4095

768

TT->tid, TT->tid, H->pvmd_tid, H->pvmd_tid ); /* Null Pointer Dereference */

}

if ( !nest )

done++;

break;

}

}

if ( !done )

{

TRC_PVMCKERR ( pvm_upkint( &marker , 1, 1 ),

781

"Unpacking Trace Message", return( ecnt ) );

782

}

783

}

784

while ( !done );

Preconditions

((char*)$param_1)[24] >= 0
((char*)$param_1)[40] != 0
pvmrbuf != 0
pvmtoplvl != 0

Postconditions

H' = TRC_HOST_LIST
ID' = $param_1
TD' = 0
TRC_TMP_CC' = 0
TT' = 0
done' >= -1
done' <= 0
entry_exit' = 2
marker' = -7
omit' = 0
pvmd_tid' = TRC_HOST_LIST->pvmd_tid
pvmtrc.trctid' >= 1
pvmtrccodef' = &$unknown_2811473
src' = $param_2

Change Warning 2861.2925 : Null Pointer Dereference

Because they are very similar, this warning shares annotations with warning 2861.2926.

Priority:
State:
Finding:
Owner:
Note: