CodeSonar : pvm3.4.6 : No Space For Null Terminator

pvm3.4.6 : pvm3.4.6 analysis 2 : No Space For Null Terminator at imalloc.c:258

Categories:	MISC.MEM.NTERM CWE:170
Warning ID:	22065.28826
Procedure:	i_malloc
Trace:	view
Modified:	Thu Nov 26 11:28:09 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/src/imalloc.c

			Enter i_malloc

182

char*

183

i_malloc(len, tag)

184

unsigned len; /* number of bytes */

185

char *tag; /* content description */

186

{

187

char *ptr;

188

struct glob *ob; /* hash tbl entry */

struct glob **he;

int i; /* gp */

if (firsttime) {

firsttime = 0;

BZERO((char*)hashtbl, sizeof(hashtbl));

195

196

#if STATICGLOBS > 0

197

/* initialize the glob freelist */

198

ob = 0;

199

for (i = STATICGLOBS-1; i >= 0; i--) {

200

globheap[i].next = ob;

ob = &globheap[i];

}

globfl = ob;

#endif

}

/* check req length */

#if LET0BE1 > 0

if (!len)

len = 1;

#endif

if (len < 1 || len > lengthlimit) {

214

(void)sprintf(msbuf, "i_malloc: bogus len=%d\n", len);

215

(void)SWRITE (debfd, msbuf );

216

i_choke();

217

return (char*)0; /* Unreachable Computation (ID: 197.28823) */

218

}

219

220

/* do actual malloc */

221

222

if (!(ptr = (char*)malloc(len + lopad + hipad))) {

223

(void)sprintf(msbuf, "i_malloc: malloc failed len=%d\n", len);

224

(void)SWRITE (debfd, msbuf );

225

i_choke();

226

return (char*)0; /* Unreachable Computation (ID: 197.28824) */

}

/* get descriptor */

#if STATICGLOBS > 0

if (ob = globfl) {

...

globavail--;

} else {

(void)sprintf(msbuf, "i_malloc: glob allocate failed (max %d)\n",

238

STATICGLOBS);

239

(void)SWRITE(debfd, msbuf);

i_choke();

return (char*)0;

}

#else

if (!(ob = (struct glob*)malloc(sizeof(struct glob)))) {

245

(void)sprintf(msbuf, "i_malloc: malloc failed for glob\n");

246

(void)SWRITE (debfd, msbuf );

247

i_choke();

248

return (char*)0; /* Unreachable Computation (ID: 197.28825) */

}

#endif

/* enter descriptor, write head and tail pads */

ob->flg = OBALLOC;

ob->id = ++globid;

ob->tag[0] = 0;

if (tag)

strncpy(ob->tag, tag, 4); /* No Space For Null Terminator */

Preconditions

len = 0
&$unknown_693979 = 8 * strlen(tag)
&$unknown_693979 >= 32
strlen(tag) >= 4
firsttime != 0
lengthlimit >= 1

Postconditions

firsttime' = 0
globid' = globid + 1
hashtbl[0]' = 0
$heap_75116' is allocated by malloc
$heap_75116' is allocated
bytes_before(&$heap_75116)' = 0
bytes_after(&$heap_75117)' = 36
$heap_75117' is allocated by malloc
$heap_75117' is allocated
bytes_before(&$heap_75117)' = 0
strlen(&$heap_75117)' = 32
((char*)&$heap_75117)[28]' = 1
((char*)&$heap_75117)[32]' = 0
((char*)&$heap_75117)[12]' = globid + 1
len' = 1
ob' = &$heap_75117
ptr' = &$heap_75116

Change Warning 22065.28826 : No Space For Null Terminator

Priority:
State:
Finding:
Owner:
Note: