CodeSonar : irssi-0.8.14 : Null Pointer Dereference

irssi-0.8.14 : irssi-0.8.14 analysis 2 : Null Pointer Dereference at modes.c:388

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	22013.28303
Procedure:	parse_channel_modes
Trace:	view
Modified:	Thu Nov 26 11:08:36 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/irssi-0.8.14/src/irc/core/modes.c

			Enter parse_channel_modes

338

void parse_channel_modes(IRC_CHANNEL_REC *channel, const char *setby,

339

const char *mode, int update_key)

340

{

341

IRC_SERVER_REC *server = channel->server;

342

GString *newmode;

343

char *dup, *modestr, *arg, *curmode, type, *old_key;

344

int umode;

345

346

g_return_if_fail (IS_IRC_CHANNEL (channel ));

347

g_return_if_fail(mode != NULL);

type = '+';

newmode = g_string_new(channel->mode);

351

old_key = update_key ? NULL : g_strdup(channel->key);

352

353

dup = modestr = g_strdup(mode);

354

curmode = cmd_get_param(&modestr );

355

while (*curmode != '\0') { /* Null Pointer Dereference (ID: 6939.28304) */

356

if (HAS_MODE_ARG(server, type, *curmode)) {

357

/* get the argument for the mode. NOTE: We don't

358

get the +k's argument when joining to channel. */

359

arg = cmd_get_param(&modestr );

} else {

arg = NULL;

}

switch (*curmode) {

case '+':

case '-':

type = *curmode;

break;

default:

umode = (unsigned char) *curmode;

371

if (server->modes[umode].func != NULL) {

372

server->modes[umode].func(channel, setby,

type, *curmode, arg,

newmode);

} else {

/* Treat unknown modes as ones without params */

newmode <= 4095

377

modes_type_d(channel, setby, type, *curmode,

arg, newmode );

}

}

curmode++;

}

g_free(dup);

if (channel->key != NULL &&

387

strchr(channel->mode, 'k') == NULL &&

newmode <= 4095

388

strchr(newmode->str, 'k') == NULL) { /* Null Pointer Dereference */

Preconditions

mode != 0
update_key != 0
&$unknown_165788 <= &$unknown_165789 - 1
&$unknown_165793 != 0
$unknown_165788 = 32
strlen(&$unknown_165788) != 0
strlen(&$unknown_165788) != 1
((char*)&$unknown_165788)[1] != 0
((char*)&$unknown_165788)[1] != 32
$unknown_165789 != 0
strlen(&$unknown_165789) = 2
((char*)&$unknown_165789)[2] = 0
((char*)&$unknown_165789)[1] != 0
((char*)&$unknown_165789)[1] != 43
((char*)&$unknown_165789)[1] != 45
$unknown_165792 != 0
$unknown_165792 != 32
strlen(&$unknown_165792) = 1
((char*)&$unknown_165792)[1] = 0
$unknown_165794 != 107

Postconditions

_g_boolean_var_' = 1
_g_boolean_var_' = 1
arg' = &$unknown_165792
curmode' = &$unknown_165789 + 2
dup' = &$unknown_165788
modestr' = &$unknown_165792 + 1
newmode' = 0
old_key' = 0
server' = channel->server
type' != 43
umode' = ((char*)&$unknown_165789)[1]

Change Warning 22013.28303 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: