CodeSonar : pvm3.4.6 : Null Pointer Dereference

pvm3.4.6 : pvm3.4.6 analysis 2 : Null Pointer Dereference at ddpro.c:2301

Categories:

LANG.MEM.NPD CWE:476

Warning ID:

146.28767

Similar Warnings:

146.28768

Procedure:

startack

Trace:

view

Modified:

Thu Nov 26 11:27:49 2009 show details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/src/ddpro.c

			Enter startack

2056

startack(wp, mp)

2057

struct waitc *wp; /* wait context on hoster */

struct pmsg *mp;

{

struct hostd *hp;

struct pmsg *mp2;

struct waitc *wp2; /* seed waitc for htupd peer group */

2063

struct waitc *wp3;

2064

int count; /* num of new hosts */

2065

int happy; /* num of happy new hosts */

2066

struct waitc_add *wxp;

...

int i, j;

int t;

int hh;

char *buf;

char buf2[256];

* unpack startup results, update hosts in wait context

2078

2079

2080

wxp = (struct waitc_add *)wp->wa_spec;

count = wxp->w_num;

upkint(mp, &j );

while (j-- > 0) {

if (upkuint(mp, &t ) || upkstralloc(mp, &buf )) {

2086

pvmlogerror("startack() bad message format\n");

2087

pkint(wp->wa_mesg, PvmDSysErr );

2088

sendmessage(wp->wa_mesg );

wp->wa_mesg = 0;

wait_delete(wp );

busyadding = 0;

return 0;

}

for (i = count; i-- > 0 && wxp->w_hosts[i]->hd_hostpart != t; ) ;

2095

if (i < 0) {

2096

pvmlogprintf("startack() what? some random tid %x\n", t );

2097

pkint(wp->wa_mesg, PvmDSysErr );

2098

sendmessage(wp->wa_mesg );

wp->wa_mesg = 0;

wait_delete(wp );

busyadding = 0;

PVM_FREE(buf); /* Free Null Pointer (ID: 148.28771) */

2103

return 0;

2104

}

2105

hp = wxp->w_hosts[i];

2106

ac = sizeof(av)/sizeof(av[0]);

2107

if (crunchzap(buf, &ac, av ) || ac != 5) {

2108

pvmlogprintf("startack() host %s expected version, got \"%s\"\n",

2109

hp->hd_name, buf );

2110

if (!(hp->hd_err = errnamecode(buf )))

2111

hp->hd_err = PvmCantStart;

PVM_FREE(buf);

continue;

}

ver = atoi(av[0]);

if (ver != DDPROTOCOL) {

2118

pvmlogprintf(

2119

"slave_exec() host %s d-d protocol mismatch (%d/%d)\n",

2120

hp->hd_name, ver, DDPROTOCOL );

2121

hp->hd_err = PvmBadVersion;

continue;

}

hp->hd_arch = STRALLOC(av[1]); /* Null Pointer Dereference (ID: 22061.28770) */

2126

hex_inadport(av[2], &hp->hd_sad );

2127

hp->hd_mtu = atoi(av[3]);

2128

hp->hd_dsig = atoi(av[4]);

PVM_FREE(buf);

}

* update reply message to add-host requestor

mp2 = wp->wa_mesg;

pkint(mp2, count );

pkint(mp2, 0); /* XXX narches = 0 for now */

2140

for (i = 0; i < count; i++) {

2141

hp = wxp->w_hosts[i];

2142

if (hp->hd_err) {

2143

pkint(mp2, hp->hd_err );

pkstr(mp2, "");

pkstr(mp2, "");

pkint(mp2, 0);

pkint(mp2, 0);

} else {

pkint(mp2, hp->hd_hostpart );

2151

pkstr(mp2, hp->hd_name );

2152

pkstr(mp2, hp->hd_arch );

2153

pkint(mp2, hp->hd_speed );

2154

pkint(mp2, hp->hd_dsig );

}

}

* delete broken ones, done now if none succeeded,

2160

* otherwise done when host table update is complete.

2161

2162

2163

for (j = i = 0; i < count; i++)

2164

if (!wxp->w_hosts[i]->hd_err) {

2165

hp = wxp->w_hosts[i];

2166

wxp->w_hosts[i] = 0;

2167

wxp->w_hosts[j++] = hp;

2168

2169

} else {

2170

hd_unref(wxp->w_hosts[i]);

wxp->w_hosts[i] = 0;

}

count = j;

if (count < 1) {

busyadding = 0;

sendmessage(wp->wa_mesg );

2178

wp->wa_mesg = 0;

2179

free_waitc_add(wxp );

wait_delete(wp );

return 0;

}

wp2 = wait_new (WT_HTUPD );

2185

wp2->wa_dep = wp->wa_dep;

2186

wp2->wa_mesg = wp->wa_mesg;

wp->wa_mesg = 0;

* make next host table

2191

2192

2193

newhosts = ht_new (1);

2194

newhosts->ht_serial = hosts->ht_serial + 1;

2195

newhosts->ht_master = hosts->ht_master;

2196

newhosts->ht_cons = hosts->ht_cons;

2197

newhosts->ht_local = hosts->ht_local;

2198

2199

for (i = 0; i < count; i++)

2200

ht_insert(newhosts, wxp->w_hosts[i]);

2201

2202

free_waitc_add(wxp );

wait_delete(wp );

wp = 0;

runstate = PVMDHTUPD;

2207

2208

2209

* send DM_SLCONF message to each new host

2210

2211

2212

for (hh = newhosts->ht_last; hh > 0; hh--)

2213

if (hp = newhosts->ht_hosts[hh]) {

2214

mp2 = mesg_new (0);

2215

mp2->m_tag = DM_SLCONF; /* Null Pointer Dereference (ID: 147.28769) */

2216

mp2->m_dst = hp->hd_hostpart | TIDPVMD;

2217

if (hp->hd_epath) {

2218

pkint(mp2, DM_SLCONF_EP );

2219

pkstr(mp2, hp->hd_epath );

2220

}

2221

if (hp->hd_bpath) {

2222

pkint(mp2, DM_SLCONF_BP );

2223

pkstr(mp2, hp->hd_bpath );

2224

}

2225

if (hp->hd_wdir) {

2226

pkint(mp2, DM_SLCONF_WD );

2227

pkstr(mp2, hp->hd_wdir );

2228

}

2229

if (pvmschedtid) {

2230

sprintf(buf2, "%x", pvmschedtid);

2231

pkint(mp2, DM_SLCONF_SCHED );

2232

pkstr(mp2, buf2 );

2233

}

2234

if (pvmtracer.trctid || pvmtracer.outtid) {

2235

sprintf(buf2, "%x %d %d %x %d %d %d %d %s",

2236

pvmtracer.trctid, pvmtracer.trcctx,

2237

pvmtracer.trctag,

2238

pvmtracer.outtid, pvmtracer.outctx,

2239

pvmtracer.outtag,

2240

pvmtracer.trcbuf, pvmtracer.trcopt,

2241

pvmtracer.tmask);

2242

pkint(mp2, DM_SLCONF_TRACE );

pkstr(mp2, buf2 );

}

sendmessage(mp2 );

}

* create host table update message containing all current hosts

2250

* plus new ones, send to each new host.

mp2 = mesg_new (0);

mp2->m_tag = DM_HTUPD; /* Null Pointer Dereference (ID: 146.28768) */

2255

pkint(mp2, newhosts->ht_serial );

2256

pkint(mp2, newhosts->ht_master );

2257

pkint(mp2, newhosts->ht_cons );

2258

pkint(mp2, hosts->ht_cnt + newhosts->ht_cnt );

2259

for (hh = hosts->ht_last; hh > 0; hh--)

2260

if (hp = hosts->ht_hosts[hh]) {

2261

pkint(mp2, hh );

2262

pkstr(mp2, hp->hd_name );

2263

pkstr(mp2, hp->hd_arch );

2264

pkstr(mp2, inadport_hex (&hp->hd_sad ));

2265

pkint(mp2, hp->hd_mtu );

2266

pkint(mp2, hp->hd_speed );

2267

pkint(mp2, hp->hd_dsig );

2268

}

2269

for (hh = newhosts->ht_last; hh > 0; hh--)

2270

if (hp = newhosts->ht_hosts[hh]) {

2271

pkint(mp2, hh );

2272

pkstr(mp2, hp->hd_name );

2273

pkstr(mp2, hp->hd_arch );

2274

pkstr(mp2, inadport_hex (&hp->hd_sad ));

2275

pkint(mp2, hp->hd_mtu );

2276

pkint(mp2, hp->hd_speed );

2277

pkint(mp2, hp->hd_dsig );

2278

}

2279

2280

for (hh = newhosts->ht_last; hh > 0; hh--)

2281

if (hp = newhosts->ht_hosts[hh]) {

2282

mp2->m_ref++;

2283

mp2->m_dst = hp->hd_hostpart | TIDPVMD;

2284

wp3 = wait_new (WT_HTUPD );

2285

wp3->wa_dep = wp2->wa_dep;

2286

wp2->wa_mesg->m_ref++;

2287

wp3->wa_mesg = wp2->wa_mesg;

2288

wp3->wa_on = hp->hd_hostpart;

2289

LISTPUTBEFORE(wp2, wp3, wa_peer, wa_rpeer);

2290

mp2->m_wid = wp3->wa_wid;

sendmessage(mp2 );

}

pmsg_unref(mp2 );

* create host table update message containing happy new hosts,

2297

* send to each old host.

mp2 = mesg_new (0);

mp2->m_tag = DM_HTUPD; /* Null Pointer Dereference */

Preconditions

&$unknown_538179 = &$unknown_538180 - 92
wp->wa_peer >= 0
hosts->ht_hosts[1] = 0
((char*)((char*)*wp->wa_spec)[4])[48] = 0
((char*)&((char*)$heap_66664)[4])[24] = 0
hosts->ht_last >= 2
wp->wa_link >= 0
*wp->wa_spec = 1
*((char*)*wp->wa_spec)[4] >= 1
waitlist->wa_link != waitlist
$heap_66662 != 0
strlen(&$heap_66662) != 0
((char*)&$heap_66665)[4] >= 2
pvmschedtid != 0
pvmtracer.trctid = 0
pvmtracer.outtid = 0

Postconditions

waitlist->wa_link->wa_rlink' = &$heap_66666
((char*)$unknown_538168)[4]' = ((char*)&$unknown_538168)[4]
((char*)&((char*)$heap_66663)[32])[28]' = &$heap_66666
((char*)$unknown_538168)[4]' = $unknown_538168
((char*)&$unknown_538180)[4]' = ((char*)&$unknown_538179)[4]
$unknown_538198' = &$heap_66666
buf' = &$heap_66662
strlen(&buf[0])' = 17
strlen(&buf2[0])' = 8
buf2[8]' = 0
buf[17]' = 0
count' = 1
errno' != 0
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
bytes_after(&$heap_66663)' = 48
$heap_66663' is allocated by malloc
$heap_66663' is allocated
bytes_before(&$heap_66663)' = 0
((char*)&$heap_66663)[16]' = 0
((char*)&$heap_66663)[20]' = 0
((char*)&$heap_66663)[24]' = wp->wa_dep
((char*)&$heap_66663)[32]' = &$heap_66666
((char*)&$heap_66663)[36]' = wp->wa_mesg
((char*)&$heap_66663)[40]' = 0
((char*)&$heap_66663)[44]' = 0
((char*)&$heap_66663)[12]' = 6
$heap_66664' = 0
$heap_66664' is allocated
bytes_before(&$heap_66664)' = 0
$heap_66665' = hosts->ht_serial + 1
bytes_after(&$heap_66665)' = 32
$heap_66665' is allocated by malloc
$heap_66665' is allocated
bytes_before(&$heap_66665)' = 0
((char*)&$heap_66665)[16]' = hosts->ht_cons
((char*)&$heap_66665)[20]' = hosts->ht_local
((char*)&$heap_66665)[24]' >= 0
((char*)&$heap_66665)[24]' <= 1
((char*)&$heap_66665)[28]' = &$heap_66664
((char*)&$heap_66665)[8]' = ((char*)&$heap_66665)[8] + 1
((char*)&$heap_66665)[12]' = hosts->ht_master
$heap_66666' = waitlist->wa_link
bytes_after(&$heap_66666)' = 48
$heap_66666' is allocated by malloc
$heap_66666' is allocated
bytes_before(&$heap_66666)' = 0
((char*)&$heap_66666)[20]' = 0
((char*)&$heap_66666)[24]' = wp->wa_dep
((char*)&$heap_66666)[28]' = &$heap_66663
((char*)&$heap_66666)[32]' = ((char*)&$heap_66663)[32]
((char*)&$heap_66666)[36]' = wp->wa_mesg
((char*)&$heap_66666)[40]' = 0
((char*)&$heap_66666)[4]' = &$unknown_538198
((char*)&$heap_66666)[44]' = 0
((char*)&$heap_66666)[8]' >= waitlist->wa_wid + 1
((char*)&$heap_66666)[8]' <= waitlist->wa_link->wa_wid - 1
((char*)&$heap_66666)[12]' = 6
hh' = 0
hp' = ((char*)&$heap_66664)[4]
i' = 1
j' = 1
mp2' = 0
newhosts' = &$heap_66665
numpmsgs' = 0
runstate' = 2
wp' = 0
wp2' = &$heap_66663
wp3' = &$heap_66666
wxp' = wp->wa_spec

Change Warning 146.28767 : Null Pointer Dereference

Because they are very similar, this warning shares annotations with warning 146.28768.

Priority:
State:
Finding:
Owner:
Note: