Text  |   XML   |   Visible Warnings:

irssi-0.8.14 : irssi-0.8.14 analysis 2 : Null Pointer Dereference  at fe-channels.c:407

Categories: LANG.MEM.NPD CWE:476
Warning ID: 7297.28386
Procedure: display_sorted_nicks
Trace: view
Modified: Thu Nov 26 11:09:15 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /kat0/fletcher/SATE/2010/irssi-0.8.14/src/fe-common/core/fe-channels.c
   Enter display_sorted_nicks
 328 static void display_sorted_nicks(CHANNEL_REC *channel, GSList *nicklist) 
 329 {
 330         WINDOW_REC *window;
 331         TEXT_DEST_REC dest;
 332         GString *str;
 333         GSList *tmp;
 334         char *format, *stripped, *prefix_format;
 335         char *linebuf, nickmode[2] = { 0, 0 };
 336         int *columns, cols, rows, last_col_rows, col, row, max_width;
 337         int item_extra, linebuf_size, formatnum;
 338  
 339         window = window_find_closest(channel->server, channel->visible_name,
 340                                      MSGLEVEL_CLIENTCRAP);
 341         max_width = window->width;
 342  
 343         /* get the length of item extra stuff ("[ ] ") */ 
 344         format = format_get_text(MODULE_NAME, NULL,
 345                                  channel->server, channel->visible_name,
 346                                  TXT_NAMES_NICK, " ", "");
 347         stripped = strip_codes(format);
 348         item_extra = strlen(stripped);
 349         g_free(stripped);
 350         g_free(format);
 351  
 352         if (settings_get_int("names_max_width") > 0 &&
 353             settings_get_int("names_max_width") < max_width)
 354                 max_width = settings_get_int("names_max_width");
 355  
 356         /* remove width of the timestamp from max_width */ 
 357         format_create_dest(&dest, channel->server, channel->visible_name,
 358                            MSGLEVEL_CLIENTCRAP, NULL);
 359         format = format_get_line_start(current_theme, &dest, time(NULL));
 360         if (format != NULL) {
 361                 stripped = strip_codes(format);
 362                 max_width -= strlen(stripped);
 363                 g_free(stripped);
 364                 g_free(format);
 365         }
 366  
 367         /* remove width of the prefix from max_width */ 
 368         prefix_format = format_get_text(MODULE_NAME, NULL,
 369                                         channel->server, channel->visible_name,
 370                                         TXT_NAMES_PREFIX,
 371                                         channel->visible_name);
 372         if (prefix_format != NULL) {
 373                 stripped = strip_codes(prefix_format);
 374                 max_width -= strlen(stripped);
 375                 g_free(stripped);
 376         }
 377  
true378         if (max_width <= 0) {
 379                 /* we should always have at least some space .. if we 
 380                    really don't, it won't show properly anyway. */ 
 381                 max_width = 10;
 382         }
 383  
 384         /* calculate columns */ 
 385         cols = get_max_column_count(nicklist, get_nick_length, max_width,
columns <= 4095386                                     settings_get_int("names_max_columns"),
true387                                     item_extra, 3, &columns, &rows);
 388         nicklist = columns_sort_list(nicklist, rows);
 389  
 390         /* rows in last column */ 
 391         last_col_rows = rows-(cols*rows-g_slist_length(nicklist));
 392         if (last_col_rows == 0)
 393                 last_col_rows = rows;
 394  
 395         str = g_string_new(prefix_format);
 396         linebuf_size = max_width+1; linebuf = g_malloc(linebuf_size);
 397  
 398         col = 0; row = 0;
 399         for (tmp = nicklist; tmp != NULL; tmp = tmp->next) {
 400                 NICK_REC *rec = tmp->data;
 401  
 402                 if (rec->prefixes[0])
 403                         nickmode[0] = rec->prefixes[0];
 404                 else 
 405                         nickmode[0] = ' ';
 406                  
columns <= 4095407                 if (linebuf_size < columns[col]-item_extra+1) {     /* Null Pointer Dereference */
Preconditions 
channel->server = 0
((char*)windows->data)[8] >= 1
((char*)$unknown_410126)[2] != 0
((char*)$unknown_410126)[3] = 0
((char*)$unknown_410126)[1] != 0
((char*)$unknown_410126)[1] <= 95
strlen($unknown_410126) = 3
strlen(&$unknown_410119) = 3
((char*)&$unknown_410119)[2] != 0
((char*)&$unknown_410119)[3] = 0
((char*)&$unknown_410119)[1] != 0
((char*)&$unknown_410119)[1] <= 95
strlen(&$unknown_410124) = 0
((char*)&$unknown_410126)[8] >= ((char*)&$unknown_410126)[4] + 2
strlen(&$unknown_410130) != 29
((char*)&$unknown_410130)[29] != 0
Postconditions 
strlen(&$unknown_410118)' = 0
strlen(&$unknown_410125)' = 0
strlen(&$unknown_410128)' = 0
col' = 0
cols' = 0
columns' = 0
dest.window' != 0
dest.level' = 524288
dest.server' = channel->server
dest.server_tag' = 0
dest.target' = channel->visible_name
format' = &$unknown_410124
item_extra' = 0
last_col_rows' = 0
linebuf_size' = ((char*)windows->data)[8] + 1
max_width' = ((char*)windows->data)[8]
nickmode[0]' = ((char*)&$unknown_410130)[29]
nickmode[1]' = 0
prefix_format' = $unknown_410126
rec' = &$unknown_410130
row' = 0
rows' = 0
stripped' = &$unknown_410128
tmp' = nicklist
window' = windows->data



Change Warning 7297.28386 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: