CodeSonar : irssi-0.8.14 : Null Pointer Dereference

irssi-0.8.14 : irssi-0.8.14 analysis 2 : Null Pointer Dereference at dcc-queue.c:53

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	7269.28354
Procedure:	dcc_queue_old
Trace:	view
Modified:	Thu Nov 26 11:09:01 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/irssi-0.8.14/src/irc/dcc/dcc-send.c

			Enter cmd_dcc_send

166

static void cmd_dcc_send(const char *data, IRC_SERVER_REC *server,

167

WI_ITEM_REC *item)

168

{

169

const char *servertag;

170

char *nick, *fileargs;

void *free_arg;

CHAT_DCC_REC *chat;

GHashTable *optlist;

int queue, mode, passive;

175

176

if (!cmd_get_params(data, &free_arg, 2 | PARAM_FLAG_OPTIONS |

177

PARAM_FLAG_GETREST, "dcc send",

178

&optlist, &nick, &fileargs ))

179

return;

180

181

chat = item_get_dcc(item );

182

if (chat != NULL &&

183

(chat->mirc_ctcp || g_strcasecmp(nick, chat->nick) != 0))

184

chat = NULL;

185

186

if (!IS_IRC_SERVER (server ) || !server->connected)

187

servertag = NULL;

188

else

189

servertag = server->tag;

190

true

191

if (servertag == NULL && chat == NULL)

192

cmd_param_error (CMDERR_NOT_CONNECTED );

193

194

passive = g_hash_table_lookup(optlist, "passive") != NULL;

195

196

if (g_hash_table_lookup(optlist, "rmhead") != NULL) {

197

queue = dcc_queue_old(nick, servertag );

198

if (queue != -1)

199

dcc_queue_remove_head(queue );

200

} else if (g_hash_table_lookup(optlist, "rmtail") != NULL) {

201

queue = dcc_queue_old(nick, servertag );

202

if (queue != -1)

203

dcc_queue_remove_tail(queue );

204

} else if (g_hash_table_lookup(optlist, "flush") != NULL) {

205

queue = dcc_queue_old(nick, servertag );

206

if (queue != -1)

207

dcc_queue_free(queue );

208

} else {

209

if (g_hash_table_lookup(optlist, "append") != NULL)

210

mode = DCC_QUEUE_APPEND;

211

else if (g_hash_table_lookup(optlist, "prepend") != NULL)

212

mode = DCC_QUEUE_PREPEND;

213

else

214

mode = DCC_QUEUE_NORMAL;

215

216

if (*fileargs == '\0')

217

cmd_param_error (CMDERR_NOT_ENOUGH_PARAMS );

218

servertag <= 4095

219

dcc_send_add(servertag, chat, nick, fileargs, mode, passive );

					Enter cmd_dcc_send / dcc_send_add

static void dcc_send_add(const char *servertag, CHAT_DCC_REC *chat,

const char *nick, char *fileargs, int add_mode,

int passive)

{

struct stat st;

glob_t globbuf;

char *fname;

int i, ret, files, flags, queue, start_new_transfer;

100

101

memset(&globbuf, 0, sizeof(globbuf));

102

flags = GLOB_NOCHECK | GLOB_TILDE;

103

104

/* this loop parses all <file> parameters and adds them to glubbuf */

105

for (;;) {

106

fname = cmd_get_quoted_param(&fileargs );

if (*fname == '\0')

break;

if (glob(fname, flags, 0, &globbuf) < 0)

111

break;

112

113

/* this flag must not be set before first call to glob!

114

(man glob) */

115

flags |= GLOB_APPEND;

116

}

117

118

files = 0; queue = -1; start_new_transfer = 0;

119

120

/* add all globbed files to a proper queue */

121

for (i = 0; i < globbuf.gl_pathc; i++) {

122

char *fname = dcc_send_get_file(globbuf.gl_pathv[i]);

123

124

ret = stat(fname, &st);

125

if (ret == 0 && S_ISDIR(st.st_mode)) {

126

/* we don't want directories */

errno = EISDIR;

ret = -1;

}

if (ret < 0) {

signal_emit("dcc error file open", 3,

nick, fname, errno);

g_free(fname);

continue;

}

if (queue < 0) {

/* in append and prepend mode try to find an

140

old queue. if an old queue is not found

141

create a new queue. if not in append or

142

prepend mode, create a new queue */

143

if (add_mode != DCC_QUEUE_NORMAL)

servertag <= 4095

144

queue = dcc_queue_old(nick, servertag );

							/kat0/fletcher/SATE/2010/irssi-0.8.14/src/irc/dcc/dcc-queue.c

							Enter cmd_dcc_send / dcc_send_add / dcc_queue_old

int dcc_queue_old(const char *nick, const char *servertag)

{

int i;

for (i = 0; i < queuelist->len; i++) {

GSList *qlist = g_ptr_array_index(queuelist, i);

for (; qlist != NULL; qlist = qlist->next) {

DCC_QUEUE_REC *rec = qlist->data;

if (rec == NULL)

continue;

if (*nick != '\0' && g_strcasecmp(nick, rec->nick) != 0)

continue;

servertag <= 4095

if (*servertag != '\0' && /* Null Pointer Dereference */

g_strcasecmp(servertag, rec->servertag) != 0)

continue;

							Exit cmd_dcc_send / dcc_send_add / dcc_queue_old

	145				start_new_transfer = 0;
	146				if (queue < 0) {
	147				queue = dcc_queue_new();
	148				start_new_transfer = 1;
	149				}
	150				}
	151
	152				dcc_queue_add(queue, add_mode, nick,
	153				fname, servertag, chat, passive );
	154				files++;
	155				g_free(fname);

					Exit cmd_dcc_send / dcc_send_add

Preconditions

nick != 0
&$unknown_341695 != 0
&$unknown_341696 != 0
&$unknown_341705 >= 1
servertag[24] = 0
servertag[32] != 0
((char*)&$unknown_341692)[160] = 0
$unknown_341697 != 0
strlen(&$unknown_341697) != 0
$unknown_341701 = 0
strlen(&$unknown_341701) = 0
$unknown_341708 != 0
$unknown_341709 = 0
strlen(&$unknown_341709) = 0

Postconditions

queuelist->len' >= 2
queuelist->pdata' = &$unknown_341707
add_mode' = 1
chat' = &$unknown_341692
chat' = &$unknown_341692
fileargs' = &$unknown_341697
fname' = &$unknown_341703
fname' = &$unknown_341701
globbuf.gl_pathc' >= 2
globbuf.gl_pathv' = &$unknown_341702
mode' = 1
nick' = &$unknown_341709
optlist' = &$unknown_341694
passive' = 1
passive' = 1
qlist' = &$unknown_341708
queue' <= -1
rec' = $unknown_341708
ret' = &$unknown_341705
servertag' = server->tag
servertag' = server->tag
servertag' = server->tag

Change Warning 7269.28354 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: