Text  |   XML   |   Visible Warnings:

pvm3.4.6 : pvm3.4.6 analysis 2 : Integer Overflow of Allocation Size  at ddpro.c:1432

Categories: ALLOC.IOAS BSI:MALLOC-OVERFLOW CWE:680
Warning ID: 123.28744
Procedure: exectasks
Trace: view
Modified: Thu Nov 26 11:27:41 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /kat0/fletcher/SATE/2010/pvm3/src/ddpro.c
   Enter exectasks
 1401 exectasks(mp, rmp, schtid) 
 1402         struct pmsg *mp;                /* the request message */ 
 1403         struct pmsg *rmp;               /* reply message blank */ 
 1404         int schtid;                             /* scheduler for new tasks */ 
 1405 {
 1406         struct pmsg *mp2;                       /* reply message hdl */ 
 1407         int i;
 1408         struct timeval now;
 1409         struct waitc_spawn *wxp;        /* new task parameters */ 
 1410         int munge_tenv = 0;
 1411         char tmp[255];
 1412         char *wd = 0;
 1413         char *savewd = 0;
 1414  
 1415         wxp = TALLOC(1, struct waitc_spawn, "waix");   /* Integer Overflow of Allocation Size (ID: 120.28741) */
 1416         BZERO((char*)wxp, sizeof(struct waitc_spawn));   /* Null Pointer Dereference (ID: 125.28746) */
 1417  
 1418         /* unpack message */ 
 1419  
 1420         if (upkuint(mp, &wxp->w_ptid) 
 1421         || upkstralloc(mp, &wxp->w_file) 
 1422         || upkint(mp, &wxp->w_flags) 
 1423         || upkint(mp, &wxp->w_veclen) 
 1424         || upkint(mp, &wxp->w_argc))
 1425                 goto bad;
 1426  
 1427         if (wxp->w_veclen < 1)
 1428                 goto bad;
 1429         wxp->w_vec = TALLOC(wxp->w_veclen, int, "tids");   /* Integer Overflow of Allocation Size (ID: 124.28745) */
 1430  
 1431         wxp->w_argc += 2;
true1432         wxp->w_argv = TALLOC(wxp->w_argc + 1, char*, "argv");     /* Integer Overflow of Allocation Size */
Preconditions 
&$unknown_433988 >= 1
((char*)&$heap_63813)[24] >= 1
$input_12 = 0
Postconditions 
$heap_63813' = &$heap_63814
bytes_after(&$heap_63813)' = 84
$heap_63813' is allocated by malloc
bytes_before(&$heap_63813)' = 0
((char*)&$heap_63813)[20]' = &$heap_63815
bytes_after(&$heap_63814)' = &$unknown_433988
$heap_63814' is allocated by malloc
bytes_before(&$heap_63814)' = 0
bytes_after(&$heap_63815)' = 4 * ((char*)&$heap_63813)[24]
$heap_63815' is allocated by malloc
$heap_63815' is allocated
bytes_before(&$heap_63815)' = 0
munge_tenv' = 0
savewd' = 0
wd' = 0
wxp' = &$heap_63813



Change Warning 123.28744 : Integer Overflow of Allocation Size

Priority:
State:
Finding:
Owner:
Note: