Text  |   XML   |   Visible Warnings:

pvm3.4.6 : pvm3.4.6 analysis 2 : File System Race Condition  at pvmd.c:5431

Categories: IO.RACE CWE:367
Warning ID: 22079.28916
Procedure: master_config
Trace: view
Modified: Thu Nov 26 11:28:33 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /kat0/fletcher/SATE/2010/pvm3/src/pvmd.c
   Enter master_config
 5317 master_config(hn, argc, argv) 
 5318         char *hn;                       /* hostname or null */ 
 5319         int argc;
 5320         char **argv;
 5321 {
 5322         struct hostent *he;
 5323         struct hostd *hp;
 5324         struct hostd *hp2;
 5325         int i;
 5326         char *s;
 5327  
 5328         if (argc > 2) {
 5329                 pvmlogerror("usage: pvmd3 [-ddebugmask] [-nhostname] [hostfile]\n");
 5330                 pvmbailout(0);
 5331         }
 5332         if (argc == 2) {
 5333                 filehosts = readhostfile(argv[1]);
 5334         }
 5335         else if (s = getenv("PVMHOSTFILE")) {
 5336                 filehosts = readhostfile(s);
 5337         }
 5338         if (pvmdebmask & PDMSTARTUP) {
 5339                 if (filehosts) {
 5340                         pvmlogerror("master_config() host file:\n");
 5341                         ht_dump(filehosts);
 5342  
 5343                 } else 
 5344                         pvmlogerror("master_config() null host file\n");
 5345         }
 5346  
 5347         hosts = ht_new(1);
 5348         hosts->ht_serial = 1;
 5349         hosts->ht_master = 1;
 5350         hosts->ht_cons = 1;
 5351         hosts->ht_local = 1;
 5352  
 5353         hp = hd_new(1);
 5354         hp->hd_name = STRALLOC(hn);   /* Null Pointer Dereference (ID: 265.28929) */
 5355         hp->hd_arch = STRALLOC(myarchname);   /* Null Pointer Dereference (ID: 263.28928) */
 5356         hp->hd_mtu = pvmudpmtu;
 5357         hp->hd_dsig = pvmmydsig;
 5358         ht_insert(hosts, hp);
 5359         hd_unref(hp);
 5360  
 5361         hp = hd_new(0);
 5362         hp->hd_name = STRALLOC("pvmd'");   /* Null Pointer Dereference (ID: 264.28927) */
 5363         hp->hd_arch = STRALLOC(myarchname);   /* Null Pointer Dereference (ID: 263.28925) */
 5364         hp->hd_mtu = pvmudpmtu;
 5365         hp->hd_dsig = pvmmydsig;
 5366         ht_insert(hosts, hp);
 5367         hd_unref(hp);
 5368  
 5369         /*
 5370         * get attributes from host file if available 
 5371         */ 
 5372  
 5373         hp = hosts->ht_hosts[1];
 5374         if (filehosts &&
 5375                         ((hp2 = nametohost(filehosts, hp->hd_name)) 
 5376                         || (hp2 = filehosts->ht_hosts[0]))) {
 5377                 applydefaults(hp, hp2);
 5378         }
 5379  
 5380         if (!hp->hd_epath) {
 5381                 if ((s = getenv("PVM_PATH")))
 5382                         hp->hd_epath = STRALLOC(s);   /* Null Pointer Dereference (ID: 22087.28924) */
 5383                 else 
 5384                         hp->hd_epath = STRALLOC(DEFBINDIR);   /* Null Pointer Dereference (ID: 22086.28923) */
 5385         }
 5386         epaths = colonsep(varsub(hp->hd_epath));
 5387         if (!hp->hd_bpath)
 5388                 hp->hd_bpath = STRALLOC(DEFDEBUGGER);   /* Null Pointer Dereference (ID: 22083.28920) */
 5389         debugger = varsub(hp->hd_bpath);
 5390         if (!hp->hd_wdir) {
 5391                 if ((s = getenv("PVM_WD")))
 5392                         hp->hd_wdir = STRALLOC(s);   /* Null Pointer Dereference (ID: 22082.28919) */
 5393                 else 
 5394                         hp->hd_wdir = STRALLOC(pvmgethome());   /* Null Pointer Dereference (ID: 22081.28918) */
 5395         }
 5396         s = varsub(hp->hd_wdir);
 5397         if (chdir(s) == -1)
 5398                 pvmlogperror(s);
 5399         PVM_FREE(s);
 5400  
 5401         if (!(he = gethostbyname(hp->hd_aname ? hp->hd_aname : hp->hd_name))) {
 5402                 pvmlogprintf("master_config() %s: can't gethostbyname\n", hn);
 5403                 pvmbailout(0);
 5404         }
 5405  
 5406         BCOPY(he->h_addr_list[0], (char*)&hp->hd_sad.sin_addr,
 5407                 sizeof(struct in_addr));
 5408  
 5409         hp = hosts->ht_hosts[0];
 5410         BCOPY(he->h_addr_list[0], (char*)&hp->hd_sad.sin_addr,
 5411                 sizeof(struct in_addr));   /* Null Pointer Dereference (ID: 22080.28917) */
 5412  
 5413         if (pvmdebmask & (PDMHOST|PDMSTARTUP)) {
 5414                 pvmlogerror("master_config() host table:\n");
 5415                 ht_dump(hosts);
 5416         }
 5417  
 5418         if (mksocs())
 5419                 pvmbailout(0);
 5420  
 5421  
 5422 #ifndef WIN32 
 5423         /* close everything but our sockets */ 
 5424         for (i = getdtablesize(); --i > 2; )
 5425 /* XXX don't like this - hard to maintain */ 
 5426                 if (i != netsock && i != ppnetsock && i != loclsock && i != log_fd)
 5427                         (void)close(i);
 5428  
 5429         /* reopen 0, 1, 2*/ 
true5430         (void)open("/dev/null", O_RDONLY, 0);
#string1[0] is accessed by path name5431         (void)open("/dev/null", O_WRONLY, 0);     /* File System Race Condition */
Preconditions 
argc = 2
&$unknown_753172 >= 4
((char*)&((char*)((char*)$heap_187181)[28])[4])[116] != 0
$unknown_753165 != 58
hd = 0
((char*)&$heap_187181)[4] <= 1
$input_12 >= 0
$input_8476 >= 0
$input_8500 >= 0
Postconditions 
((char*)&((char*)((char*)$heap_187181)[28])[4])[24]' = &$heap_187196
((char*)&((char*)((char*)$heap_187181)[28])[4])[28]' = &$heap_187198
((char*)&((char*)((char*)$heap_187181)[28])[4])[32]' = &$heap_187199
((char*)&((char*)((char*)$heap_187181)[28])[4])[60]' = $input_8508
((char*)((char*)$heap_187181)[28])[60]' = $input_8508
$unknown_753169' is allocated by malloc
$unknown_753169' is freed
$unknown_753169' is accessed by path name
debugger' = &$unknown_753166
epaths' = &$heap_187197
filehosts' = 0
he' = &$heap_187200
$heap_187181' = 1
bytes_after(&$heap_187181)' = 32
$heap_187181' is allocated by malloc
$heap_187181' is allocated
bytes_before(&$heap_187181)' = 0
((char*)&$heap_187181)[16]' = 1
((char*)&$heap_187181)[20]' = 1
((char*)&$heap_187181)[24]' = 0
((char*)&$heap_187181)[8]' = ((char*)&$heap_187181)[8] + 1
((char*)&$heap_187181)[12]' = 1
bytes_after(&$heap_187182)' = 120
$heap_187182' is allocated by malloc
$heap_187182' is allocated
bytes_before(&$heap_187182)' = 0
((char*)&$heap_187182)[16]' = 0
((char*)&$heap_187182)[20]' = 0
((char*)&$heap_187182)[8]' = 0
((char*)&$heap_187182)[116]' = 0
((char*)&$heap_187182)[12]' = 0
bytes_after(&$heap_187183)' = 120
$heap_187183' is allocated by malloc
$heap_187183' is allocated
bytes_before(&$heap_187183)' = 0
((char*)&$heap_187183)[16]' = 0
((char*)&$heap_187183)[20]' = 0
((char*)&$heap_187183)[8]' = 0
((char*)&$heap_187183)[116]' = 0
((char*)&$heap_187183)[12]' = 0
bytes_after(&$heap_187184)' = 20
$heap_187184' is allocated by malloc
$heap_187184' is allocated
bytes_before(&$heap_187184)' = 0
((char*)&$heap_187184)[16]' = 0
((char*)&$heap_187184)[8]' = 0
((char*)&$heap_187184)[12]' = 0
bytes_after(&$heap_187185)' = 120
$heap_187185' is allocated by malloc
$heap_187185' is allocated
bytes_before(&$heap_187185)' = 0
((char*)&$heap_187185)[16]' = 0
((char*)&$heap_187185)[20]' = 0
((char*)&$heap_187185)[8]' = 0
((char*)&$heap_187185)[116]' = 0
((char*)&$heap_187185)[12]' = 0
$heap_187186' = 1
bytes_after(&$heap_187186)' = 124
$heap_187186' is allocated by malloc
bytes_before(&$heap_187186)' = 0
((char*)&$heap_187186)[44]' = pvmmydsig
((char*)&$heap_187186)[52]' = pvmudpmtu
((char*)&$heap_187186)[56]' = 2
((char*)&$heap_187186)[72]' = 1
((char*)&$heap_187186)[76]' = 1
((char*)&$heap_187186)[80]' = &$heap_187185
((char*)&$heap_187186)[8]' = &$heap_187187
((char*)&$heap_187186)[84]' = &$heap_187183
((char*)&$heap_187186)[92]' = &$heap_187182
((char*)&$heap_187186)[100]' = 1
((char*)&$heap_187186)[108]' = 1000
((char*)&$heap_187186)[112]' = &$heap_187184
((char*)&$heap_187186)[12]' = &$heap_187188
$heap_187187' = *hn
bytes_after(&$heap_187187)' = strlen(hn) + 1
$heap_187187' is allocated by malloc
$heap_187187' is allocated
bytes_before(&$heap_187187)' = 0
strlen(&$heap_187187)' = strlen(hn)
tocttou($heap_187187)' = tocttou(*hn)
$heap_187188' = *myarchname
bytes_after(&$heap_187188)' = strlen(myarchname) + 1
$heap_187188' is allocated by malloc
$heap_187188' is allocated
bytes_before(&$heap_187188)' = 0
strlen(&$heap_187188)' = strlen(myarchname)
tocttou($heap_187188)' = tocttou(*myarchname)
bytes_after(&$heap_187189)' = 120
$heap_187189' is allocated by malloc
$heap_187189' is allocated
bytes_before(&$heap_187189)' = 0
((char*)&$heap_187189)[16]' = 0
((char*)&$heap_187189)[20]' = 0
((char*)&$heap_187189)[8]' = 0
((char*)&$heap_187189)[116]' = 0
((char*)&$heap_187189)[12]' = 0
bytes_after(&$heap_187190)' = 20
$heap_187190' is allocated by malloc
$heap_187190' is allocated
bytes_before(&$heap_187190)' = 0
((char*)&$heap_187190)[16]' = 0
((char*)&$heap_187190)[8]' = 0
((char*)&$heap_187190)[12]' = 0
bytes_after(&$heap_187191)' = 120
$heap_187191' is allocated by malloc
$heap_187191' is allocated
bytes_before(&$heap_187191)' = 0
((char*)&$heap_187191)[16]' = 0
((char*)&$heap_187191)[20]' = 0
((char*)&$heap_187191)[8]' = 0
((char*)&$heap_187191)[116]' = 0
((char*)&$heap_187191)[12]' = 0
bytes_after(&$heap_187192)' = 120
$heap_187192' is allocated by malloc
$heap_187192' is allocated
bytes_before(&$heap_187192)' = 0
((char*)&$heap_187192)[16]' = 0
((char*)&$heap_187192)[20]' = 0
((char*)&$heap_187192)[8]' = 0
((char*)&$heap_187192)[116]' = 0
((char*)&$heap_187192)[12]' = 0
$heap_187193' = 1
bytes_after(&$heap_187193)' = 124
$heap_187193' is allocated by malloc
bytes_before(&$heap_187193)' = 0
((char*)&$heap_187193)[44]' = pvmmydsig
((char*)&$heap_187193)[52]' = pvmudpmtu
((char*)&$heap_187193)[56]' = 2
((char*)&$heap_187193)[72]' = 1
((char*)&$heap_187193)[76]' = 1
((char*)&$heap_187193)[80]' = &$heap_187192
((char*)&$heap_187193)[8]' = &$heap_187194
((char*)&$heap_187193)[84]' = &$heap_187191
((char*)&$heap_187193)[92]' = &$heap_187189
((char*)&$heap_187193)[100]' = 1
((char*)&$heap_187193)[108]' = 1000
((char*)&$heap_187193)[112]' = &$heap_187190
((char*)&$heap_187193)[12]' = &$heap_187195
$heap_187194' = 112
bytes_after(&$heap_187194)' = 6
$heap_187194' is allocated by malloc
$heap_187194' is allocated
bytes_before(&$heap_187194)' = 0
strlen(&$heap_187194)' = 5
tocttou($heap_187194)' = tocttou(#string167)
$heap_187195' = *myarchname
bytes_after(&$heap_187195)' = strlen(myarchname) + 1
$heap_187195' is allocated by malloc
$heap_187195' is allocated
bytes_before(&$heap_187195)' = 0
strlen(&$heap_187195)' = strlen(myarchname)
tocttou($heap_187195)' = tocttou(*myarchname)
$heap_187196' = 36
bytes_after(&$heap_187196)' = 49
$heap_187196' is allocated by malloc
$heap_187196' is allocated
bytes_before(&$heap_187196)' = 0
tocttou($heap_187196)' = tocttou(#string168)
$heap_187197' = &$unknown_753165
bytes_after(&$heap_187197)' = 8
$heap_187197' is allocated by malloc
$heap_187197' is allocated
bytes_before(&$heap_187197)' = 0
((char*)&$heap_187197)[4]' = 0
$heap_187198' = 36
bytes_after(&$heap_187198)' = 23
$heap_187198' is allocated by malloc
$heap_187198' is allocated
bytes_before(&$heap_187198)' = 0
tocttou($heap_187198)' = tocttou(#string170)
$heap_187199' = 47
bytes_after(&$heap_187199)' = strlen(&$unknown_753168) + 1
$heap_187199' is allocated by malloc
$heap_187199' is allocated
bytes_before(&$heap_187199)' = 0
tocttou($heap_187199)' = tocttou(#string17)
$heap_187200' = &$heap_187201
bytes_after(&$heap_187200)' = 1024
$heap_187200' is a non-heap object
bytes_before(&$heap_187200)' = 0
((char*)&$heap_187200)[16]' = &$heap_187203
((char*)&$heap_187200)[4]' = &$heap_187204
$heap_187201' = $input_444
bytes_after(&$heap_187201)' = $input_12 + 1
$heap_187201' is allocated by malloc
$heap_187201' is a non-heap object
bytes_before(&$heap_187201)' = 0
strlen(&$heap_187201)' = $input_12
$heap_187202' = $input_8508
bytes_after(&$heap_187202)' = $input_8500 + 1
$heap_187202' is allocated by malloc
$heap_187202' is a non-heap object
bytes_before(&$heap_187202)' = 0
strlen(&$heap_187202)' = $input_8500
$heap_187203' = &$heap_187202
$heap_187203' is a non-heap object
bytes_before(&$heap_187203)' = 0
$heap_187204' = &$heap_187205
$heap_187204' is a non-heap object
bytes_before(&$heap_187204)' = 0
$heap_187205' = $input_8484
bytes_after(&$heap_187205)' = $input_8476 + 1
$heap_187205' is allocated by malloc
$heap_187205' is a non-heap object
bytes_before(&$heap_187205)' = 0
strlen(&$heap_187205)' = $input_8476
$heap_187206' is allocated by open
$heap_187206' is allocated
hosts' = &$heap_187181
hp' = ((char*)$heap_187181)[28]
i' = 2
last_rv' = &$heap_187200
s' = &$unknown_753169



Change Warning 22079.28916 : File System Race Condition

Priority:
State:
Finding:
Owner:
Note: