
pvm3.4.6 : pvm3.4.6 analysis 2 : Buffer Overrun at pvmd.c:4836

Categories: LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126
Warning ID: 22077.28906
Procedure: mksocs
Trace: view
Modified: Thu Nov 26 11:28:27 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None


   /kat0/fletcher/SATE/2010/pvm3/src/pvmd.c
   Enter slave_config
$input_93516 >= ( $unknown_9355729 - 31 ) / 325449 slave_config(hn, argc, argv) 
 5450         char *hn;
 5451         int argc;
 5452         char **argv;
 5453 {
 5454         int lh;                 /* local host index */ 
 5455         int mh;                 /* master host index */ 
 5456         struct hostd *hp;
 5457         int i, j;
 5458         int ac;
$input_93532 >= ( $unknown_9355743 - 31 ) / 325459         int ms = 0;             /* manual (humanoid) startup */ 
 5460 #ifndef WIN32 
$input_93548 >= ( $unknown_9355757 - 31 ) / 325461         int dof = 1;            /* fork, exit parent (default) */ 
 5462 #else 
 5463         int dof = 0; 
 5464 #endif 
$input_93564 >= ( $unknown_9355771 - 31 ) / 325465         int bad = 0;
 5466         char *p;
 5467         char *s;
 5468  
$input_93580 >= ( $unknown_9355785 - 31 ) / 325469         for (i = j = ac = 1; i < argc; i++) {
$input_93660 >= ( 8 * bytes_after(((char*)&$heap_149749)[28]) - 31 ) / 325470                 if (argv[i][0] == '-') {
 5471                         switch (argv[i][1]) {
 5472  
 5473                         case 'S': 
 5474                                 ms = 1;
 5475                                 break;
 5476  
 5477                         case 'f': 
 5478                                 dof = 0;
 5479                                 break;
 5480  
$input_93692 >= ( $unknown_9355833 - 31 ) / 325481                         default: 
$input_93708 >= ( $unknown_9355837 - 31 ) / 325482                                 pvmlogprintf("slave_config() unknown switch: %s\n", argv[i]);
$input_93756 >= ( $unknown_9355843 - 31 ) / 325483                                 bad++;
 5484                         }
 5485  
 5486                 } else {
 5487                         argv[j++] = argv[i];
 5488                         ac++;
 5489                 }
 5490         }
$input_93820 >= ( $unknown_9355859 - 31 ) / 325491         argc = ac;
 5492  
$input_93836 >= ( $unknown_9355863 - 31 ) / 325493         if (bad || argc != 6) {
 5494                 pvmlogerror("slave_config: bad args\n");
 5495                 pvmbailout(0);
 5496         }
 5497  
$input_93868 >= ( 8 * bytes_after(((char*)&$heap_150009)[28]) - 31 ) / 325498         mh = atoi(argv[1]);
 5499         lh = atoi(argv[4]);
lh >= ( $unknown_9355889 - 31 ) / 325500         hosts = ht_new(1);
lh >= ( $unknown_9355909 - 31 ) / 325501         hosts->ht_serial = 1;
lh >= ( $unknown_9355917 - 31 ) / 325502         hosts->ht_master = mh;
lh >= ( $unknown_9355925 - 31 ) / 325503         hosts->ht_cons = mh;
lh >= ( $unknown_9355933 - 31 ) / 325504         hosts->ht_local = lh;
 5505  
hosts->ht_local >= ( 8 * bytes_after(&$unknown_730838) - 31 ) / 325506         hp = hd_new(mh);
 5507         hp->hd_name = STRALLOC("?");   /* Null Pointer Dereference (ID: 262.28915) */
 5508         hex_inadport(argv[2], &hp->hd_sad);
hosts->ht_local >= ( $unknown_9356085 - 31 ) / 325509         hp->hd_mtu = atoi(argv[3]);
hosts->ht_local >= ( $unknown_9356109 - 31 ) / 325510         ht_insert(hosts, hp);
hosts->ht_local >= ( $unknown_9356125 - 31 ) / 325511         hd_unref(hp);
 5512  
hosts->ht_local >= ( $unknown_9356133 - 31 ) / 325513         hp = hd_new(0);
 5514         hp->hd_name = STRALLOC("pvmd'");   /* Null Pointer Dereference (ID: 261.28913) */
 5515         hp->hd_arch = STRALLOC(myarchname);   /* Null Pointer Dereference (ID: 260.28911) */
hosts->ht_local >= ( $unknown_9356199 - 31 ) / 325516         hp->hd_mtu = pvmudpmtu;
hosts->ht_local >= ( $unknown_9356201 - 31 ) / 325517         hp->hd_dsig = pvmmydsig;
hosts->ht_local >= ( $unknown_9356203 - 31 ) / 325518         hex_inadport(argv[5], &hp->hd_sad);
 5519         ht_insert(hosts, hp);
hosts->ht_local >= ( $unknown_9356215 - 31 ) / 325520         hd_unref(hp);
 5521  
hosts->ht_local >= ( $unknown_9356219 - 31 ) / 325522         hp = hd_new(lh);
 5523         hp->hd_name = STRALLOC(hn);   /* Null Pointer Dereference (ID: 259.28909) */
 5524         hp->hd_arch = STRALLOC(myarchname);   /* Null Pointer Dereference (ID: 260.28908) */
hosts->ht_local >= ( $unknown_9356283 - 31 ) / 325525         hp->hd_mtu = pvmudpmtu;
hosts->ht_local >= ( $unknown_9356285 - 31 ) / 325526         hp->hd_dsig = pvmmydsig;
hosts->ht_local >= ( $unknown_9356287 - 31 ) / 325527         hex_inadport(argv[5], &hp->hd_sad);
 5528         ht_insert(hosts, hp);
 5529         hd_unref(hp);
 5530  
hosts->ht_local >= ( 8 * bytes_after(hosts->ht_hosts) - 31 ) / 325531         if (i = mksocs()) {
     Enter slave_config / mksocs
 4834   mksocs() 
 4835   {
hosts->ht_local >= ( 8 * bytes_after(hosts->ht_hosts) - 31 ) / 324836           struct hostd *hp = hosts->ht_hosts[hosts->ht_local];     /* Buffer Overrun */  /* Buffer Underrun (ID: 22076.28905) */
     Exit slave_config / mksocs
Preconditions
$param_2 >= 3
((char*)*$param_3)[20] != 58
((char*)&$heap_151043)[96] >= 0
((char*)&$heap_151043)[12] >= 0
Postconditions
ac' = 6
argc' = 6
bad' = 0
$heap_151038' = 1
bytes_after(&$heap_151038)' = 32
$heap_151038' is allocated by malloc
$heap_151038' is allocated
bytes_before(&$heap_151038)' = 0
((char*)&$heap_151038)[16]' = $input_12
((char*)&$heap_151038)[20]' = $input_93932
((char*)&$heap_151038)[12]' = $input_12
bytes_after(&$heap_151040)' = 120
$heap_151040' is allocated by malloc
bytes_before(&$heap_151040)' = 0
((char*)&$heap_151040)[16]' = 0
((char*)&$heap_151040)[20]' = 0
((char*)&$heap_151040)[116]' = 0
bytes_after(&$heap_151041)' = 120
$heap_151041' is allocated by malloc
bytes_before(&$heap_151041)' = 0
((char*)&$heap_151041)[8]' = 0
((char*)&$heap_151041)[116]' = 0
bytes_after(&$heap_151042)' = 20
$heap_151042' is allocated by malloc
bytes_before(&$heap_151042)' = 0
((char*)&$heap_151042)[16]' = 0
((char*)&$heap_151042)[8]' = 0
((char*)&$heap_151042)[12]' = 0
$heap_151043' = 0
bytes_after(&$heap_151043)' = 124
$heap_151043' is allocated by malloc
$heap_151043' is freed
bytes_before(&$heap_151043)' = 0
((char*)&$heap_151043)[52]' = $input_93940
((char*)&$heap_151043)[56]' = 2
((char*)&$heap_151043)[72]' = 1
((char*)&$heap_151043)[76]' = 1
((char*)&$heap_151043)[80]' = &$heap_151041
((char*)&$heap_151043)[8]' = &$heap_151045
((char*)&$heap_151043)[84]' = &$heap_151044
((char*)&$heap_151043)[92]' = &$heap_151040
((char*)&$heap_151043)[100]' = 1
((char*)&$heap_151043)[108]' = 1000
((char*)&$heap_151043)[112]' = &$heap_151042
bytes_after(&$heap_151044)' = 120
$heap_151044' is allocated by malloc
bytes_before(&$heap_151044)' = 0
((char*)&$heap_151044)[16]' = 0
((char*)&$heap_151044)[4]' = &$heap_151044
$heap_151045' = 63
bytes_after(&$heap_151045)' = 2
$heap_151045' is allocated by malloc
bytes_before(&$heap_151045)' = 0
strlen(&$heap_151045)' = 1
tocttou($heap_151045)' = tocttou(#string176)
$heap_151046' = &$heap_151046
bytes_after(&$heap_151046)' = 120
$heap_151046' is allocated by malloc
$heap_151046' is allocated
bytes_before(&$heap_151046)' = 0
((char*)&$heap_151046)[16]' = 0
((char*)&$heap_151046)[20]' = 0
((char*)&$heap_151046)[4]' = &$heap_151046
((char*)&$heap_151046)[8]' = 0
((char*)&$heap_151046)[116]' = 0
((char*)&$heap_151046)[12]' = 0
$heap_151047' = 1
bytes_after(&$heap_151047)' = 124
$heap_151047' is allocated by malloc
bytes_before(&$heap_151047)' = 0
((char*)&$heap_151047)[44]' = pvmmydsig
((char*)&$heap_151047)[52]' = pvmudpmtu
((char*)&$heap_151047)[56]' = 2
((char*)&$heap_151047)[72]' = 1
((char*)&$heap_151047)[76]' = 1
((char*)&$heap_151047)[80]' = &$heap_151046
((char*)&$heap_151047)[8]' = &$heap_151050
((char*)&$heap_151047)[84]' = &$heap_151048
((char*)&$heap_151047)[92]' = &$heap_151049
((char*)&$heap_151047)[100]' = 1
((char*)&$heap_151047)[108]' = 1000
((char*)&$heap_151047)[112]' = 0
((char*)&$heap_151047)[12]' = &$heap_151051
$heap_151048' = &$heap_151048
bytes_after(&$heap_151048)' = 120
$heap_151048' is allocated by malloc
$heap_151048' is allocated
bytes_before(&$heap_151048)' = 0
((char*)&$heap_151048)[16]' = 0
((char*)&$heap_151048)[20]' = 0
((char*)&$heap_151048)[4]' = &$heap_151048
((char*)&$heap_151048)[8]' = 0
((char*)&$heap_151048)[116]' = 0
((char*)&$heap_151048)[12]' = 0
bytes_after(&$heap_151049)' = 120
$heap_151049' is allocated by malloc
$heap_151049' is allocated
bytes_before(&$heap_151049)' = 0
((char*)&$heap_151049)[16]' = 0
((char*)&$heap_151049)[20]' = 0
((char*)&$heap_151049)[8]' = 0
((char*)&$heap_151049)[116]' = 0
((char*)&$heap_151049)[12]' = 0
$heap_151050' = 112
bytes_after(&$heap_151050)' = 6
$heap_151050' is allocated by malloc
$heap_151050' is allocated
bytes_before(&$heap_151050)' = 0
strlen(&$heap_151050)' = 5
tocttou($heap_151050)' = tocttou(#string167)
$heap_151051' = *myarchname
bytes_after(&$heap_151051)' = strlen(myarchname) + 1
$heap_151051' is allocated by malloc
$heap_151051' is allocated
bytes_before(&$heap_151051)' = 0
strlen(&$heap_151051)' = strlen(myarchname)
tocttou($heap_151051)' = tocttou(*myarchname)
$heap_151052' = &$heap_151052
bytes_after(&$heap_151052)' = 120
$heap_151052' is allocated by malloc
$heap_151052' is allocated
bytes_before(&$heap_151052)' = 0
((char*)&$heap_151052)[16]' = 0
((char*)&$heap_151052)[20]' = 0
((char*)&$heap_151052)[4]' = &$heap_151052
((char*)&$heap_151052)[8]' = 0
((char*)&$heap_151052)[116]' = 0
((char*)&$heap_151052)[12]' = 0
bytes_after(&$heap_151053)' = 120
$heap_151053' is allocated by malloc
$heap_151053' is allocated
bytes_before(&$heap_151053)' = 0
((char*)&$heap_151053)[16]' = 0
((char*)&$heap_151053)[20]' = 0
((char*)&$heap_151053)[8]' = 0
((char*)&$heap_151053)[116]' = 0
((char*)&$heap_151053)[12]' = 0
$heap_151054' = 1
bytes_after(&$heap_151054)' = 124
$heap_151054' is allocated by malloc
bytes_before(&$heap_151054)' = 0
((char*)&$heap_151054)[44]' = pvmmydsig
((char*)&$heap_151054)[52]' = pvmudpmtu
((char*)&$heap_151054)[56]' = 2
((char*)&$heap_151054)[72]' = 1
((char*)&$heap_151054)[76]' = 1
((char*)&$heap_151054)[80]' = &$heap_151052
((char*)&$heap_151054)[8]' = &$heap_151056
((char*)&$heap_151054)[84]' = &$heap_151055
((char*)&$heap_151054)[92]' = &$heap_151053
((char*)&$heap_151054)[100]' = 1
((char*)&$heap_151054)[108]' = 1000
((char*)&$heap_151054)[112]' = 0
((char*)&$heap_151054)[12]' = &$heap_151057
$heap_151055' = &$heap_151055
bytes_after(&$heap_151055)' = 120
$heap_151055' is allocated by malloc
$heap_151055' is allocated
bytes_before(&$heap_151055)' = 0
((char*)&$heap_151055)[16]' = 0
((char*)&$heap_151055)[20]' = 0
((char*)&$heap_151055)[4]' = &$heap_151055
((char*)&$heap_151055)[8]' = 0
((char*)&$heap_151055)[116]' = 0
((char*)&$heap_151055)[12]' = 0
$heap_151056' = *hn
bytes_after(&$heap_151056)' = strlen(hn) + 1
$heap_151056' is allocated by malloc
$heap_151056' is allocated
bytes_before(&$heap_151056)' = 0
strlen(&$heap_151056)' = strlen(hn)
tocttou($heap_151056)' = tocttou(*hn)
$heap_151057' = *myarchname
bytes_after(&$heap_151057)' = strlen(myarchname) + 1
$heap_151057' is allocated by malloc
$heap_151057' is allocated
bytes_before(&$heap_151057)' = 0
strlen(&$heap_151057)' = strlen(myarchname)
tocttou($heap_151057)' = tocttou(*myarchname)
hosts' = &$heap_151038
hp' = &$heap_151054
i' = argc
lh' = $input_93932
mh' = $input_12



