
pvm3.4.6 : pvm3.4.6 analysis 2 : Null Pointer Dereference  at ddpro.c:896

Categories: LANG.MEM.NPD CWE:476
Warning ID: 22057.28728
Procedure: addhosts
Trace: view
Modified: Thu Nov 26 11:27:37 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None


Source  |  Language: C
Problem | Line | Source
   /kat0/fletcher/SATE/2010/pvm3/src/ddpro.c
   Enter addhosts
 840 addhosts(mp, rmp) 
 841         struct pmsg *mp;        /* the request message */ 
 842         struct pmsg *rmp;       /* reply message blank */ 
 843 {
 844         struct hostd *hp, *hp2;
 845         struct pmsg *mp2;
 846         struct waitc *wp = 0;
 847         struct waitc_add *wxp = 0;
 848         int i, j;
 849         int count;
 850         int ngood;
 851         int ntid;
 852         struct hostent *he;
 853         int maxhostid = (tidhmask >> ffs(tidhmask) - 1);
 854         int hh;
 855         int pid;
 856         int *tids;
 857         char *winpvmdpath;
 858         char *pvmdpath;
 859         char *vmid;
 860         char *buf;
 861         int len;
 862  
 863         /*
 864         * have to lock this for 2 reasons:
 865         *  1. system can't handle overlapping host table updates,
 866         *  2. the new host tids aren't reserved 
 867         */ 
 868         if (busyadding) {
 869 /*
 870                 pvmlogerror("addhosts() already adding new hosts\n");
 871 */ 
 872                 pkint(rmp, PvmAlready);
 873                 sendmessage(rmp);
 874                 return 0;
 875         }
 876  
 877         busyadding = 1;
 878  
 879         /* sanity check count */ 
 880  
 881         if (upkint(mp, &count) || count < 1 || count > maxhostid) {
 882                 pvmlogerror("addhosts() bad msg format\n");
 883                 goto bad;
 884         }
 885  
 886         /*
 887         * make wait context, extract host list from message,
 888         */ 
 889  
 890         wp = wait_new(WT_HOSTSTART);
 891         wp->wa_tid = mp->m_src;
 892         wp->wa_dep = mp->m_wid;
 893         wxp = TALLOC(1, struct waitc_add, "waix");
 894         wxp->w_num = count;   /* Null Pointer Dereference (ID: 22059.28730) */
true |  895         wxp->w_hosts = TALLOC(count, struct hostd *, "waiv");   /* Integer Overflow of Allocation Size (ID: 22058.28729) */
wxp->w_hosts <= 4095 |  896         BZERO((char*)wxp->w_hosts, count * sizeof(struct hostd *));     /* Null Pointer Dereference */
Preconditions
&$unknown_374471 = &$unknown_374473 / 4
&$unknown_374471 >= 1
&$unknown_374473 >= 4
waitlist->wa_wid <= widbase
waitlist->wa_link != waitlist
busyadding = 0
widrange <= lastwid
Postconditions
((char*)**$unknown_374472)[4]' = &$heap_58042
busyadding' = 1
count' = &$unknown_374471
errno' != 0
bytes_after(&$heap_58042)' = 48
$heap_58042' is allocated by malloc
$heap_58042' is allocated
bytes_before(&$heap_58042)' = 0
((char*)&$heap_58042)[16]' = 0
((char*)&$heap_58042)[32]' = &$heap_58042
((char*)&$heap_58042)[36]' = 0
((char*)&$heap_58042)[40]' = 0
((char*)&$heap_58042)[4]' = ((char*)*$unknown_374472)[4]
((char*)&$heap_58042)[44]' = 0
((char*)&$heap_58042)[8]' = widbase + 1
((char*)&$heap_58042)[12]' = 3
$heap_58043' = &$unknown_374471
bytes_after(&$heap_58043)' = 8
$heap_58043' is allocated by malloc
$heap_58043' is allocated
bytes_before(&$heap_58043)' = 0
((char*)&$heap_58043)[4]' = 0
lastwid' = 1
maxhostid' >= 1
maxhostid' >= &$unknown_374473 / 4
wp' = &$heap_58042
wxp' = &$heap_58043



