CodeSonar : pvm3.4.6 : Null Pointer Dereference

pvm3.4.6 : pvm3.4.6 analysis 2 : Null Pointer Dereference at tdpro.c:864

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	278.28949
Procedure:	tm_conn2
Trace:	view
Modified:	Thu Nov 26 11:29:04 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/src/tdpro.c

			Enter tm_conn2

tm_conn2(tp, mp)

struct task *tp;

struct pmsg *mp;

{

int tid;

int pid; /* real pid of task */

676

int cookie; /* cookie to identify task or 0 */

677

struct task *tp2; /* to search for existing context */

struct pmsg *mp2;

int cc;

char c;

char *taskname = (char *) NULL;

682

683

if (upkint(mp, &pid ) || upkint(mp, &cookie )) {

684

pvmlogerror("tm_conn2() bad msg format\n");

goto bail;

}

if (!cookie)

cookie = pid;

if (!(tp->t_flag & TF_AUTH)) {

691

pvmlogprintf("tm_conn2() message from t%x, TF_AUTH not set\n",

tp->t_tid );

return 0;

}

* check that task could write d-auth file

#ifndef NOPROT

if ((cc = read(tp->t_authfd, &c, 1)) == -1) {

703

pvmlogperror("tm_conn2() can't read d-auth file");

return 0;

}

if (cc != 1) {

pvmlogerror("tm_conn2() task didn't validate itself\n");

goto bail;

}

(void)close(tp->t_authfd);

713

tp->t_authfd = -1;

714

(void)unlink(tp->t_authnam);

#endif

PVM_FREE(tp->t_authnam);

tp->t_authnam = 0;

* if task spawned by us, already has a context,

* else make it one

if ((tp2 = task_findpid (cookie )) && !(tp2->t_flag & (TF_AUTH|TF_CONN))) {

727

if (pvmdebmask & PDMTASK) {

728

pvmlogprintf("tm_conn2() reconnect task t%x\n", tp2->t_tid );

729

}

730

tp->t_sched = tp2->t_sched;

731

732

#ifdef IMA_BEOLIN

733

} else if ( (tp2 = mpp_conn(tp))

734

&& !(tp2->t_flag & (TF_AUTH|TF_CONN)) ) {

735

if (pvmdebmask & PDMTASK) {

736

pvmlogprintf(

737

"tm_conn2() reconnect task t%x pid=%d name=%s\n",

738

tp2->t_tid,tp2->t_pid, tp2->t_a_out );

}

#endif

} else {

if ((tid = tid_new()) < 0) {

744

pvmlogerror("tm_conn2() out of tids?\n");

745

goto bail; /* XXX should disconnect nicely */

746

}

747

if ((tp2 = task_new (tid )) == NULL) {

748

pvmlogerror("tm_conn2() too many tasks?\n");

749

goto bail; /* XXX should disconnect nicely */

750

}

751

752

if ( !upkstralloc(mp, &taskname ) ) {

753

tp2->t_a_out = taskname;

}

if (pvmschedtid) {

/* inform the scheduler about the new task */

758

759

tp->t_sched = pvmschedtid;

mp2 = mesg_new (0);

pkint(mp2, 1);

pkint(mp2, tid );

mp2->m_tag = SM_EXECACK; /* XXX yecch, overload */ /* Null Pointer Dereference (ID: 280.28951) */

764

mp2->m_dst = pvmschedtid;

sendmessage(mp2 );

}

/* check for tracer */

769

if (pvmtracer.trctid && pvmtracer.trctag) {

770

tp2->t_trctid = pvmtracer.trctid;

771

tp2->t_trcctx = pvmtracer.trcctx;

772

tp2->t_trctag = pvmtracer.trctag;

773

/* Note: can't get the trace mask or trace buffer size

774

to task here, but this will be handled using mailbox */

775

776

/* trace start message */

777

/* XXX Note: we don't really know if we should send this

778

because this task could have prohibited tracing

779

by setting PvmSelfTraceTid to -1... */

780

tev_send_newtask(

781

pvmtracer.trctid, pvmtracer.trcctx, pvmtracer.trctag,

782

tid, -1, -1, tp->t_a_out ? tp->t_a_out : "-" );

783

}

784

if (pvmtracer.outtid && pvmtracer.outtag) {

785

tp2->t_outtid = pvmtracer.outtid;

786

tp2->t_outctx = pvmtracer.outctx;

787

tp2->t_outtag = pvmtracer.outtag;

788

789

/* output start message */

790

/* Note: same deal here as for TEV_NEWTASK above... */

791

mp2 = mesg_new (0);

792

mp2->m_dst = pvmtracer.outtid; /* Null Pointer Dereference (ID: 279.28950) */

793

mp2->m_ctx = pvmtracer.outctx;

794

mp2->m_tag = pvmtracer.outtag;

pkint(mp2, tid );

pkint(mp2, TO_NEW );

pkint(mp2, -1);

sendmessage(mp2 );

}

if (pvmdebmask & PDMTASK) {

802

pvmlogprintf("tm_conn2() new task t%x\n", tp2->t_tid );

}

}

* brundle-fly the contexts together

808

809

810

tp2->t_sock = tp->t_sock;

811

tp2->t_sad = tp->t_sad;

812

tp2->t_salen = tp->t_salen;

813

814

#ifdef NOPROT

815

if (!TIDISNODE(tp2->t_tid)) {

816

if (pvmdebmask & PDMTASK) {

817

pvmlogprintf( "Setting pid of t%x to %d, same as t%x\n",

818

tp2->t_tid, tp->t_pid, tp->t_tid );

819

}

820

task_setpid(tp2, tp->t_pid);

821

}

822

#else

823

if (tp2->t_pid != pid)

824

task_setpid(tp2, pid );

825

#endif

826

827

tp2->t_rxp = tp->t_rxp;

828

tp2->t_sched = tp->t_sched;

829

tp->t_sock = -1; /* tp will be freed by loclinput() */

tp->t_rxp = 0;

tp = tp2;

if (cookie != pid)

tp->t_flag &= ~TF_FORKD;

834

835

836

* kick it in the butt; it's ready to go

837

838

839

tp->t_flag &= ~TF_AUTH;

840

tp->t_flag |= TF_CONN;

841

true

842

mp = replymessage (mp );

843

pkint(mp, 1);

844

pkint(mp, tp->t_tid );

845

pkint(mp, tp->t_ptid );

846

pkint(mp, tp->t_outtid );

847

pkint(mp, tp->t_outctx );

848

pkint(mp, tp->t_outtag );

849

pkint(mp, tp->t_trctid );

850

pkint(mp, tp->t_trcctx );

851

pkint(mp, tp->t_trctag );

852

pkint(mp, pvmudpmtu );

853

pkint(mp, pvmmydsig );

854

#ifdef IMA_BEOLIN

855

if (TIDISNODE(tp->t_tid))

856

/* on a node, use the address that came from nodeaddr[] */

857

pkstr(mp, inadport_hex(&(tp->t_sad)));

858

else

859

pkstr(mp, inadport_hex(&(hosts->ht_hosts[hosts->ht_local]->hd_sad)));

860

#else

861

pkstr(mp, inadport_hex (&(hosts->ht_hosts[hosts->ht_local]->hd_sad)));

862

#endif

863

pkint(mp, pvmschedtid );

mp <= 4095

864

mp->m_dst = tp->t_tid; /* Null Pointer Dereference */

Preconditions

&$unknown_837632 != 0
&$unknown_837632 != ((char*)&$unknown_837635)[28]
&$unknown_837632 >= locltasks->t_plink->t_pid + 1
&$unknown_837633 != locltasks
&$unknown_837637 = &$unknown_837638 - 92
tp->t_authfd >= 0
tp->t_a_out = 0
locltasks->t_plink != locltasks
numpmsgs = 0
pvmschedtid = 0
pvmtracer.trctid != 0
pvmtracer.outtag != 0
pvmtracer.trctag != 0
pvmtracer.outtid != 0
$input_12 = 1
$input_852 = 0

Postconditions

strlen(&$unknown_837635)' = strlen(tp)
((char*)&$unknown_837635)[32]' = tp->t_sock
((char*)&$unknown_837635)[36]' = tp->t_sad.sin_family
((char*)&$unknown_837635)[38]' = tp->t_sad.sin_port
((char*)&$unknown_837635)[40]' = tp->t_sad.sin_addr.s_addr
((char*)&$unknown_837635)[44]' = tp->t_sad.sin_zero[0]
((char*)&$unknown_837635)[52]' = tp->t_salen
((char*)&$unknown_837635)[64]' = tp->t_rxp
((char*)&$unknown_837635)[92]' = pvmtracer.outtid
((char*)&$unknown_837635)[96]' = pvmtracer.outctx
((char*)&$unknown_837635)[100]' = pvmtracer.outtag
((char*)&$unknown_837635)[104]' = pvmtracer.trctid
((char*)&$unknown_837635)[108]' = pvmtracer.trcctx
((char*)&$unknown_837635)[112]' = pvmtracer.trctag
((char*)&$unknown_837635)[116]' = tp->t_sched
((char*)&$unknown_837638)[4]' = ((char*)&$unknown_837637)[4]
atnewline' = 1
strlen(&buf[0])' = 17
buf[17]' = 0
c' = $input_868
strlen(&c)' = $input_852
cc' = $input_12
cookie' = &$unknown_837632
errno' != 0
freepmsgs.m_link' = &freepmsgs.m_link
freepmsgs.m_rlink' = &freepmsgs.m_link
mp' = 0
mp2' = &$unknown_837637
numpmsgs' = 0
pid' = ((char*)&$unknown_837635)[28]
taskname' = 0
tid' >= 0
tmbuf.tm_sec' = &$unknown_837648
tp' = &$unknown_837635
tp2' = &$unknown_837635

Change Warning 278.28949 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: