CodeSonar : irssi-0.8.14 : Null Pointer Dereference

irssi-0.8.14 : irssi-0.8.14 analysis 2 : Null Pointer Dereference at modes.c:401

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	22012.28302
Procedure:	parse_channel_modes
Trace:	view
Modified:	Thu Nov 26 11:08:35 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/irssi-0.8.14/src/irc/core/modes.c

			Enter parse_channel_modes

338

void parse_channel_modes(IRC_CHANNEL_REC *channel, const char *setby,

339

const char *mode, int update_key)

340

{

341

IRC_SERVER_REC *server = channel->server;

342

GString *newmode;

343

char *dup, *modestr, *arg, *curmode, type, *old_key;

344

int umode;

345

346

g_return_if_fail (IS_IRC_CHANNEL (channel ));

347

g_return_if_fail(mode != NULL);

type = '+';

newmode = g_string_new(channel->mode);

351

old_key = update_key ? NULL : g_strdup(channel->key);

352

353

dup = modestr = g_strdup(mode);

354

curmode = cmd_get_param(&modestr );

355

while (*curmode != '\0') { /* Null Pointer Dereference (ID: 6939.28304) */

356

if (HAS_MODE_ARG(server, type, *curmode)) {

357

/* get the argument for the mode. NOTE: We don't

358

get the +k's argument when joining to channel. */

359

arg = cmd_get_param(&modestr );

} else {

arg = NULL;

}

switch (*curmode) {

case '+':

case '-':

type = *curmode;

break;

default:

umode = (unsigned char) *curmode;

371

if (server->modes[umode].func != NULL) {

372

server->modes[umode].func(channel, setby,

type, *curmode, arg,

newmode);

} else {

/* Treat unknown modes as ones without params */

newmode <= 4095

377

modes_type_d(channel, setby, type, *curmode,

arg, newmode );

}

}

curmode++;

}

g_free(dup);

if (channel->key != NULL &&

387

strchr(channel->mode, 'k') == NULL &&

388

strchr(newmode->str, 'k') == NULL) { /* Null Pointer Dereference (ID: 22013.28303) */

389

/* join was used with key but there's no key set

390

in channel modes.. */

391

g_free(channel->key);

392

channel->key = NULL;

393

} else if (!update_key && old_key != NULL) {

394

/* get the old one back, just in case it was replaced */

395

g_free(channel->key);

396

channel->key = old_key;

397

mode_set_arg(channel->server, newmode, '+', 'k', old_key, FALSE );

old_key = NULL;

}

if (strcmp(newmode->str, channel->mode) != 0) { /* Null Pointer Dereference */

Preconditions

mode != 0
update_key != 0
&$unknown_164645 >= &$unknown_164644 + 1
&$unknown_164649 != 0
$unknown_164644 = 32
strlen(&$unknown_164644) != 0
strlen(&$unknown_164644) != 1
((char*)&$unknown_164644)[1] != 0
((char*)&$unknown_164644)[1] != 32
$unknown_164645 != 0
strlen(&$unknown_164645) = 2
((char*)&$unknown_164645)[2] = 0
((char*)&$unknown_164645)[1] != 0
((char*)&$unknown_164645)[1] != 43
((char*)&$unknown_164645)[1] != 45
$unknown_164648 != 0
$unknown_164648 != 32
strlen(&$unknown_164648) = 1
((char*)&$unknown_164648)[1] = 0
$unknown_164650 = 107

Postconditions

_g_boolean_var_' = 1
_g_boolean_var_' = 1
arg' = &$unknown_164648
curmode' = &$unknown_164645 + 2
dup' = &$unknown_164644
modestr' = &$unknown_164648 + 1
newmode' = 0
old_key' = 0
server' = channel->server
type' != 43
umode' = ((char*)&$unknown_164645)[1]

Change Warning 22012.28302 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: