CodeSonar : pvm3.4.6 : Null Pointer Dereference

pvm3.4.6 : pvm3.4.6 analysis 2 : Null Pointer Dereference at ddpro.c:2215

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	147.28769
Procedure:	startack
Trace:	view
Modified:	Thu Nov 26 11:27:50 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/src/ddpro.c

			Enter startack

2056

startack(wp, mp)

2057

struct waitc *wp; /* wait context on hoster */

struct pmsg *mp;

{

struct hostd *hp;

struct pmsg *mp2;

struct waitc *wp2; /* seed waitc for htupd peer group */

2063

struct waitc *wp3;

2064

int count; /* num of new hosts */

2065

int happy; /* num of happy new hosts */

2066

struct waitc_add *wxp;

...

int i, j;

int t;

int hh;

char *buf;

char buf2[256];

* unpack startup results, update hosts in wait context

2078

2079

2080

wxp = (struct waitc_add *)wp->wa_spec;

count = wxp->w_num;

upkint(mp, &j );

while (j-- > 0) {

if (upkuint(mp, &t ) || upkstralloc(mp, &buf )) {

2086

pvmlogerror("startack() bad message format\n");

2087

pkint(wp->wa_mesg, PvmDSysErr );

2088

sendmessage(wp->wa_mesg );

wp->wa_mesg = 0;

wait_delete(wp );

busyadding = 0;

return 0;

}

for (i = count; i-- > 0 && wxp->w_hosts[i]->hd_hostpart != t; ) ;

2095

if (i < 0) {

2096

pvmlogprintf("startack() what? some random tid %x\n", t );

2097

pkint(wp->wa_mesg, PvmDSysErr );

2098

sendmessage(wp->wa_mesg );

wp->wa_mesg = 0;

wait_delete(wp );

busyadding = 0;

PVM_FREE(buf); /* Free Null Pointer (ID: 148.28771) */

2103

return 0;

2104

}

2105

hp = wxp->w_hosts[i];

2106

ac = sizeof(av)/sizeof(av[0]);

2107

if (crunchzap(buf, &ac, av ) || ac != 5) {

2108

pvmlogprintf("startack() host %s expected version, got \"%s\"\n",

2109

hp->hd_name, buf );

2110

if (!(hp->hd_err = errnamecode(buf )))

2111

hp->hd_err = PvmCantStart;

PVM_FREE(buf);

continue;

}

ver = atoi(av[0]);

if (ver != DDPROTOCOL) {

2118

pvmlogprintf(

2119

"slave_exec() host %s d-d protocol mismatch (%d/%d)\n",

2120

hp->hd_name, ver, DDPROTOCOL );

2121

hp->hd_err = PvmBadVersion;

continue;

}

hp->hd_arch = STRALLOC(av[1]); /* Null Pointer Dereference (ID: 22061.28770) */

2126

hex_inadport(av[2], &hp->hd_sad );

2127

hp->hd_mtu = atoi(av[3]);

2128

hp->hd_dsig = atoi(av[4]);

PVM_FREE(buf);

}

* update reply message to add-host requestor

mp2 = wp->wa_mesg;

pkint(mp2, count );

pkint(mp2, 0); /* XXX narches = 0 for now */

2140

for (i = 0; i < count; i++) {

2141

hp = wxp->w_hosts[i];

2142

if (hp->hd_err) {

2143

pkint(mp2, hp->hd_err );

pkstr(mp2, "");

pkstr(mp2, "");

pkint(mp2, 0);

pkint(mp2, 0);

} else {

pkint(mp2, hp->hd_hostpart );

2151

pkstr(mp2, hp->hd_name );

2152

pkstr(mp2, hp->hd_arch );

2153

pkint(mp2, hp->hd_speed );

2154

pkint(mp2, hp->hd_dsig );

}

}

* delete broken ones, done now if none succeeded,

2160

* otherwise done when host table update is complete.

2161

2162

2163

for (j = i = 0; i < count; i++)

2164

if (!wxp->w_hosts[i]->hd_err) {

2165

hp = wxp->w_hosts[i];

2166

wxp->w_hosts[i] = 0;

2167

wxp->w_hosts[j++] = hp;

2168

2169

} else {

2170

hd_unref(wxp->w_hosts[i]);

wxp->w_hosts[i] = 0;

}

count = j;

if (count < 1) {

busyadding = 0;

sendmessage(wp->wa_mesg );

2178

wp->wa_mesg = 0;

2179

free_waitc_add(wxp );

wait_delete(wp );

return 0;

}

wp2 = wait_new (WT_HTUPD );

2185

wp2->wa_dep = wp->wa_dep;

2186

wp2->wa_mesg = wp->wa_mesg;

wp->wa_mesg = 0;

* make next host table

2191

2192

2193

newhosts = ht_new (1);

2194

newhosts->ht_serial = hosts->ht_serial + 1;

2195

newhosts->ht_master = hosts->ht_master;

2196

newhosts->ht_cons = hosts->ht_cons;

2197

newhosts->ht_local = hosts->ht_local;

2198

2199

for (i = 0; i < count; i++)

2200

ht_insert(newhosts, wxp->w_hosts[i]);

2201

2202

free_waitc_add(wxp );

wait_delete(wp );

wp = 0;

runstate = PVMDHTUPD;

2207

2208

2209

* send DM_SLCONF message to each new host

2210

2211

2212

for (hh = newhosts->ht_last; hh > 0; hh--)

2213

if (hp = newhosts->ht_hosts[hh]) {

mp2 = mesg_new (0);

mp2->m_tag = DM_SLCONF; /* Null Pointer Dereference */

2216

mp2->m_dst = hp->hd_hostpart | TIDPVMD;

2217

if (hp->hd_epath) {

2218

pkint(mp2, DM_SLCONF_EP );

2219

pkstr(mp2, hp->hd_epath );

2220

}

2221

if (hp->hd_bpath) {

2222

pkint(mp2, DM_SLCONF_BP );

2223

pkstr(mp2, hp->hd_bpath );

2224

}

2225

if (hp->hd_wdir) {

2226

pkint(mp2, DM_SLCONF_WD );

2227

pkstr(mp2, hp->hd_wdir );

2228

}

2229

if (pvmschedtid) {

2230

sprintf(buf2, "%x", pvmschedtid);

2231

pkint(mp2, DM_SLCONF_SCHED );

2232

pkstr(mp2, buf2 );

2233

}

2234

if (pvmtracer.trctid || pvmtracer.outtid) {

2235

sprintf(buf2, "%x %d %d %x %d %d %d %d %s",

2236

pvmtracer.trctid, pvmtracer.trcctx,

2237

pvmtracer.trctag,

2238

pvmtracer.outtid, pvmtracer.outctx,

2239

pvmtracer.outtag,

2240

pvmtracer.trcbuf, pvmtracer.trcopt,

2241

pvmtracer.tmask);

2242

pkint(mp2, DM_SLCONF_TRACE );

2243

pkstr(mp2, buf2 );

2244

}

2245

sendmessage(mp2 );

Preconditions

&$unknown_549468 >= 2
wp->wa_peer >= 0
wp->wa_link >= 0
*wp->wa_spec >= 2
((char*)&$unknown_549469)[8] != 0
$heap_67853 != 0
strlen(&$heap_67853) != 0
((char*)&$heap_67856)[4] >= 3

Postconditions

buf' = &$heap_67853
count' = &$unknown_549468
errno' != 0
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
bytes_after(&$heap_67854)' = 48
$heap_67854' is allocated by malloc
$heap_67854' is allocated
bytes_before(&$heap_67854)' = 0
((char*)&$heap_67854)[16]' = 0
((char*)&$heap_67854)[20]' = 0
((char*)&$heap_67854)[24]' = wp->wa_dep
((char*)&$heap_67854)[36]' = wp->wa_mesg
((char*)&$heap_67854)[40]' = 0
((char*)&$heap_67854)[44]' = 0
((char*)&$heap_67854)[12]' = 6
$heap_67856' = hosts->ht_serial + 1
bytes_after(&$heap_67856)' = 32
$heap_67856' is allocated by malloc
$heap_67856' is allocated
bytes_before(&$heap_67856)' = 0
((char*)&$heap_67856)[16]' = hosts->ht_cons
((char*)&$heap_67856)[20]' = hosts->ht_local
((char*)&$heap_67856)[24]' >= 0
((char*)&$heap_67856)[24]' <= 1
((char*)&$heap_67856)[28]' = &$unknown_549469
((char*)&$heap_67856)[12]' = hosts->ht_master
hh' = 2
hp' = ((char*)&$unknown_549469)[8]
i' = &$unknown_549468
j' = &$unknown_549468
mp2' = 0
newhosts' = &$heap_67856
numpmsgs' = 0
runstate' = 2
wp' = 0
wp2' = &$heap_67854
wxp' = wp->wa_spec

Change Warning 147.28769 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: