Text  |   XML   |   Visible Warnings:

pvm3.4.6 : pvm3.4.6 analysis 2 : Integer Overflow of Allocation Size  at tdpro.c:1881

Categories: ALLOC.IOAS BSI:MALLOC-OVERFLOW CWE:680
Warning ID: 304.28981
Procedure: tm_mca
Trace: view
Modified: Thu Nov 26 11:29:22 2009   show details
 
Priority: None
State: None
Finding: None
Owner: None
  edit properties

Legend [ X ]
Warning Location
Contributes
Parse Error
Other Warning
Two or More Loop Iterations
On Execution Path
Comment
Macro
Preprocessor
Include
Keyword
Preprocessed Away
Legend
Warning Location Contributes Parse Error
Other Warning Two or More Loop Iterations On Execution Path
Comment Macro Preprocessor
Include Keyword Preprocessed Away

Source  |  Language: C Hide Legend     
ProblemLineSource
   /kat0/fletcher/SATE/2010/pvm3/src/tdpro.c
   Enter tm_mca
 1863 tm_mca(tp, mp) 
 1864         struct task *tp;
 1865         struct pmsg *mp;
 1866 {
 1867         struct mca *mcap;                       /* mca descriptor */ 
 1868         int ndst;                                       /* num of dst tids */ 
 1869         int *dsts;                                      /* dst tids */ 
 1870         int tid;
 1871         int i, j;
 1872  
 1873         /*
 1874         * unpack list of dst tids from message (expect it to be sorted).
 1875         * discard tids to nonexistent foreign hosts.
 1876         */ 
 1877  
 1878         mcap = mca_new();
 1879         mcap->mc_tid = TIDGID | tp->t_tid;   /* Null Pointer Dereference (ID: 305.28982) */
 1880         upkint(mp, &ndst);
true1881         dsts = TALLOC(ndst, int, "dsts");     /* Integer Overflow of Allocation Size */
Preconditions 
$input_12 = 0
Postconditions 
bytes_after(&$heap_334035)' = 20
$heap_334035' is allocated by malloc
$heap_334035' is allocated
bytes_before(&$heap_334035)' = 0
((char*)&$heap_334035)[16]' = 0
((char*)&$heap_334035)[12]' = 0
mcap' = &$heap_334035



Change Warning 304.28981 : Integer Overflow of Allocation Size

Priority:
State:
Finding:
Owner:
Note: