CodeSonar : pvm3.4.6 : Null Pointer Dereference

pvm3.4.6 : pvm3.4.6 analysis 2 : Null Pointer Dereference at pvmcruft.c:1405

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	181.28807
Procedure:	pvmmatchstring
Trace:	view
Modified:	Thu Nov 26 11:28:05 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/src/ddpro.c

			Enter dm_db

	2943		dm_db(hp, mp)
	2944		struct hostd *hp;
	2945		struct pmsg *mp;
	2946		{
	2947		int opcode; /* op requested */
	2948		int tid;
	2949		int req; /* index requested */
	2950		int flags;
	2951		char name = 0; / class name */
	2952		struct pmsg mp2 = 0; / reply */
	2953		struct pmsg mp3 = 0; / data message */
	2954
	2955		struct waitc wp, wp2; /* wait ctx ptrs (notify, recvinfo */
	2956		struct pmsg mp4 = 0; / notify forward message */
	2957		struct hostd hp2; / remote notify host */
	2958
	2959		struct pvmmclass np, np2; /* reset pointers */
	2960		struct pvmmentry ep, ep2; /* reset pointers */
	2961		int noresets; / noreset tids */
	2962		int nnr; /* # of noreset tasks */
	2963		int found;
	2964		int cc;
	2965		int i;
	2966		int notified;
	2967
	2968		hp = hp;
	2969
	2970		if (upkint(mp, &opcode ) \|\| upkint(mp, &tid )

true

2971

|| upkstralloc(mp, &name ) || upkint(mp, &req ) || upkint(mp, &flags ))

goto badformat;

mp2 = mesg_new (0);

mp2->m_dst = mp->m_src; /* Null Pointer Dereference (ID: 183.28808) */

2976

mp2->m_tag = DM_DBACK;

2977

mp2->m_wid = mp->m_wid;

switch (opcode) {

case TMDB_PUT:

mp3 = mesg_new (0);

if (pmsg_unpack(mp, mp3 ))

2984

goto badformat;

2985

if ((req = mb_insert(tid, name, req, flags, mp3 )) < 0)

pmsg_unref(mp3 );

else {

/* check for any pending requests for this mbox entry */

...

return 0;

} else {

pkint(mp2, cc );

if (mp3) {

pmsg_pack(mp2, mp3 );

pmsg_unref(mp3 );

}

}

break;

case TMDB_NAMES:

pkint(mp2, 0);

req = mb_names(tid, name, mp2 );

					/kat0/fletcher/SATE/2010/pvm3/src/msgbox.c

					Enter dm_db / mb_names

	475				mb_names(tid, pattern, mp)
	476				int tid;
	477				char *pattern;
	478				struct pmsg *mp;
	479				{
	480				struct pvmmclass *np;
	481				struct pvmmentry *ep;
	482
	483				#ifdef USE_GNU_REGEX
	484				void *pattbuff;
	485				int pattglob = 0;
					...
	496
	497				/* Compile Regular Expression */
	498
	499				if ( !pattglob )
	500				pattbuff = pvmcompileregex( pattern );
	501
	502				#endif
	503
	504				/* Count # of Classes */
	505
	506				cnt = 0;
	507
	508				for ( np = pvmmboxclasses->mc_link; np != pvmmboxclasses;
	509				np = np->mc_link )
	510				{
	511				#ifdef USE_GNU_REGEX
	512				if ( pattglob
	513				\|\| ( ( pattbuff ) ?
	514				( pvmmatchregex( pattbuff, np->mc_name ) )
	515				: ( !strcmp( pattern, np->mc_name ) ) ) )
	516				#else

pattern <= 4095

517

if ( pvmmatchstring( np->mc_name, pattern ) )

							/kat0/fletcher/SATE/2010/pvm3/src/pvmcruft.c

							Enter dm_db / mb_names / pvmmatchstring

1392

pvmmatchstring( str, pattern )

char *str;

char *pattern;

{

char *start;

char *save;

char *x;

char *y;

/* Find Start of Search String (Ignore Preceding '*'s) */

start = pattern;

while ( *start == '*' && *start != '\0' ) /* Null Pointer Dereference */ /* Redundant Condition (ID: 171.28793) */

							Exit dm_db / mb_names / pvmmatchstring

					Exit dm_db / mb_names

Preconditions

pvmmboxclasses->mc_link != pvmmboxclasses
numfrags = 0
numpmsgs != 0

Postconditions

freepmsgs.m_link->m_link->m_rlink' = freepmsgs.m_link->m_rlink
freepmsgs.m_link->m_rlink->m_link' = freepmsgs.m_link->m_link
((char*)$unknown_682474)[4]' = &$unknown_682475
$unknown_682475' = &freefrags.fr_link
((char*)&$unknown_682475)[4]' = ((char*)&$unknown_682474)[4]
cnt' = 0
errno' != 0
freefrags.fr_link' = &$unknown_682475 - 48
freefrags.fr_rlink' = &$unknown_682475
mp' = freepmsgs.m_link
mp2' = freepmsgs.m_link
mp3' = 0
mp4' = 0
name' = 0
np' = pvmmboxclasses->mc_link
numfrags' = 499
numpmsgs' = numpmsgs - 1
opcode' = 4
pattern' = 0
pattern' = 0
start' = 0
str' = pvmmboxclasses->mc_link->mc_name
tid' = tid'

Change Warning 181.28807 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: