CodeSonar : irssi-0.8.14 : Null Pointer Dereference

irssi-0.8.14 : irssi-0.8.14 analysis 2 : Null Pointer Dereference at irc-channels.c:119

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	7229.28310
Procedure:	irc_channels_join
Trace:	view
Modified:	Thu Nov 26 11:08:38 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/irssi-0.8.14/src/irc/core/irc-channels.c

			Enter irc_channels_join

static void irc_channels_join(IRC_SERVER_REC *server, const char *data,

int automatic)

{

CHANNEL_SETUP_REC *schannel;

IRC_CHANNEL_REC *chanrec;

GString *outchans, *outkeys;

char *channels, *keys, *key, *space;

char **chanlist, **keylist, **tmp, **tmpkey, **tmpstr, *channel, *channame;

void *free_arg;

int use_keys, cmdlen;

g_return_if_fail(data != NULL);

g_return_if_fail (IS_IRC_SERVER (server ) && server ->connected );

if (*data == '\0') return;

if (!cmd_get_params(data, &free_arg, 2 | PARAM_FLAG_GETREST,

&channels, &keys ))

return;

/* keys shouldn't contain space */

space = strchr(keys, ' ');

if (space != NULL) {

*space = '\0';

}

chanlist = g_strsplit(channels, ",", -1);

keylist = g_strsplit(keys, ",", -1);

outchans = g_string_new(NULL);

outkeys = g_string_new(NULL);

use_keys = *keys != '\0';

tmpkey = keylist;

tmp = chanlist;

for (;; tmp++) {

if (*tmp != NULL) {

channel = ischannel(**tmp) ? g_strdup(*tmp) :

103

g_strdup_printf("#%s", *tmp);

104

105

chanrec = irc_channel_find (server , channel );

106

if (chanrec == NULL) {

channel = 0

107

schannel = channel_setup_find(channel, server->connrec->chatnet );

108

109

g_string_append_printf(outchans, "%s,", channel);

110

if (*tmpkey != NULL && **tmpkey != '\0')

111

key = *tmpkey;

112

else if (schannel != NULL && schannel->password != NULL) {

113

/* get password from setup record */

114

use_keys = TRUE;

115

key = schannel->password;

116

} else key = NULL;

117

118

g_string_append_printf(outkeys, "%s,", get_join_key(key));

channel <= 4095

119

channame = channel + (channel[0] == '!' && /* Null Pointer Dereference */

120

channel[1] == '!');

121

chanrec = irc_channel_create(server, channame, NULL,

122

automatic );

123

if (key != NULL) chanrec->key = g_strdup(key); /* Null Pointer Dereference (ID: 7228.28309) */

}

g_free(channel);

if (*tmpkey != NULL)

tmpkey++;

tmpstr = tmp;

tmpstr++;

cmdlen = outchans->len-1;

133

134

if (use_keys)

135

cmdlen += outkeys->len;

136

if (*tmpstr != NULL)

137

cmdlen += ischannel(**tmpstr) ? strlen(*tmpstr) :

138

strlen(*tmpstr)+1;

139

if (*tmpkey != NULL)

140

cmdlen += strlen(*tmpkey);

141

142

/* don't try to send too long lines

143

make sure it's not longer than 510

144

so 510 - strlen("JOIN ") = 505 */

if (cmdlen < 505)

continue;

}

if (outchans->len > 0) {

149

g_string_truncate(outchans, outchans->len-1);

150

g_string_truncate(outkeys, outkeys->len-1);

151

irc_send_cmdv(IRC_SERVER (server ),

152

use_keys ? "JOIN %s %s" : "JOIN %s",

153

outchans->str, outkeys->str );

154

}

155

cmdlen = 0;

156

g_string_truncate(outchans,0);

157

g_string_truncate(outkeys,0);

158

if (*tmp == NULL || tmp[1] == NULL)

Preconditions

&$unknown_219695 <= &$unknown_219694
server->connected != 0
*data != 0
strlen(data) != 0
((char*)$unknown_219694)[4] = 43
strlen(((char*)&$unknown_219694)[4]) != 0
*$unknown_219700 = 0
strlen($unknown_219700) = 0
$unknown_219692 = 0
strlen(&$unknown_219692) = 0
((char*)&$unknown_219694)[8] >= 0
((char*)&$unknown_219695)[4] >= 0

Postconditions

_g_boolean_var_' = 1
_g_boolean_var_' = 1
chanlist' = &$unknown_219695
channel' = 0
channels' = &$unknown_219693
chanrec' = 0
key' = 0
keylist' = &$unknown_219697
keys' = &$unknown_219692
outchans' = &$unknown_219696
outkeys' = &$unknown_219701
schannel' = 0
space' = 0
tmp' = &$unknown_219694 + 4
tmpkey' = &$unknown_219700
tmpstr' = &$unknown_219694 + 4

Change Warning 7229.28310 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: