Text  |   XML   |   Visible Warnings:

pvm3.4.6 : pvm3.4.6 analysis 2 : Null Pointer Dereference  at msgbox.c:353

Categories: LANG.MEM.NPD CWE:476
Warning ID: 170.28792
Procedure: mb_insert
Trace: view
Modified: Thu Nov 26 11:27:57 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /kat0/fletcher/SATE/2010/pvm3/src/msgbox.c
   Enter mb_insert
 321 mb_insert(tid, name, req, flags, mp) 
 322         int tid;                                /* owner task */ 
 323         char *name;                             /* class name */ 
 324         int req;                                /* index requested or -1 for lowest avail */ 
 325         int flags;
 326         struct pmsg *mp;                /* message to store */ 
 327 {
 328         struct pvmmclass *np;
 329         struct pvmmentry *ep;
 330         struct pvmmentry *ep2 = 0;
 331  
 332         int dind;       /* direct index */ 
 333         int cind;       /* current index */ 
 334  
 335         /* must change to always pass in -1 for 3.4 calls */ 
 336         /* then can distinguish between 3.4 reinsert which succeeds 
 337                 if !overwritable/minst & 3.3 reinsert which should fail */ 
 338         /* to fix the "if (ep->me_ind == req)" conditional 
 339                 use a "current index":  cind = ( req == -1 ) ? 0 : req; */ 
 340         /* also, minst supercedes overwritable, else no way to build 
 341                 a minst list from within a single task... */ 
 342  
 343         if (!(np = mc_find(name)))
true344                 if (!(np = mc_new(name)))
 345                         return PvmNoMem;
 346  
 347         dind = PvmMboxDirectIndexOf( flags );
 348  
 349         cind = ( req == -1 ) ? 
 350                 ( ( dind ) ? dind : 0 ) 
 351                 : req;
 352  
np->mc_ent <= 4095353         for (ep = np->mc_ent->me_link; ep != np->mc_ent; ep = ep->me_link)     /* Null Pointer Dereference */
Preconditions 
req = -1
Postconditions 
pvmmboxclasses->mc_rlink' = &$heap_69702
pvmmboxclasses->mc_rlink->mc_link' = &$heap_69702
cind' = 0
dind' = 0
ep2' = 0
errno' != 0
$heap_69702' = pvmmboxclasses
bytes_after(&$heap_69702)' = 16
$heap_69702' is allocated by malloc
$heap_69702' is allocated
bytes_before(&$heap_69702)' = 0
((char*)&$heap_69702)[4]' = pvmmboxclasses->mc_rlink
((char*)&$heap_69702)[8]' = &$heap_69703
((char*)&$heap_69702)[12]' = 0
$heap_69703' = *name
bytes_after(&$heap_69703)' = strlen(name) + 1
$heap_69703' is allocated by malloc
$heap_69703' is allocated
bytes_before(&$heap_69703)' = 0
strlen(&$heap_69703)' = strlen(name)
tocttou($heap_69703)' = tocttou(*name)
np' = &$heap_69702



Change Warning 170.28792 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: