CodeSonar : pvm3.4.6 : Null Pointer Dereference

pvm3.4.6 : pvm3.4.6 analysis 2 : Null Pointer Dereference at lpvm.c:3104

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	354.29039
Procedure:	pvmbeatask
Trace:	view
Modified:	Thu Nov 26 11:30:00 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/src/lpvm.c

			Enter pvmbeatask

{

int sbf = 0, rbf = 0; /* saved rx and tx message handles */

3002

int prver; /* protocol version */

3003

int cookie; /* cookie assigned by pvmd for ident */

3004

int cc;

3005

char **ep=0;

3006

char authfn[PVMTMPNAMLEN]; /* auth file name */

3007

int authfd = -1; /* auth fd to validate pvmd ident */

3008

int i;

3009

char buf[16]; /* for converting sockaddr */

3010

char *p;

3011

struct pvmminfo minfo;

3012

int outtid, outctx, outtag;

3013

int trctid, trcctx, trctag;

3014

int need_trcinfo = 0;

3015

int new_tracer = 0;

3016

char tmask[ 2 * TEV_MASK_LENGTH ];

int tbuf, topt;

int mid;

#ifdef IMA_BEOLIN

struct hostent *hostaddr;

char namebuf[128];

#endif

TEV_DECLS

#ifdef WIN32

/* WSAStartup has to be called before any socket command

3027

can be executed. Why ? Ask Bill

3028

3029

for (ep=environ;*ep;ep++)

3030

pvmputenv(*ep);

3031

if (WSAStartup(0x0101, &WSAData) != 0)

3032

{

3033

fprintf(stderr,"\nWSAStartup() failed\n");

3034

ExitProcess(1);

3035

}

3036

/* setsockopt(INVALID_SOCKET,SOL_SOCKET,SO_OPENTYPE, */

3037

/* (char *)&nAlert,sizeof(int)); */

#endif

pvm_setopt(PvmDebugMask, -1);

if (pvmmytid != -1)

return 0;

pvmmydsig = pvmgetdsig();

TEV_EXCLUSIVE;

authfn[0] = 0;

#ifndef WIN32

pvmmyupid = getpid();

3054

#else

3055

pvmmyupid = _getpid(); /* .... */

#endif

* get expected pid from environment in case we were started by

3060

* the pvmd and someone forked again

3061

3062

3063

if (p = getenv("PVMEPID"))

cookie = atoi(p);

else

cookie = 0;

/* if ((pvm_useruid = getuid()) == -1) */

3069

3070

#ifndef WIN32

3071

if ((pvm_useruid = geteuid()) == -1) {

3072

pvmlogerror("can't getuid()\n");

cc = PvmSysErr;

goto bail2;

}

pvmchkuid( pvm_useruid );

3077

#else

3078

if (!username)

3079

username = MyGetUserName();

3080

#endif

3081

3082

if (p = getenv("PVMTASKDEBUG")) {

3083

pvmdebmask = pvmstrtoi(p );

3084

if (pvmdebmask) {

3085

pvmlogprintf("task debug mask is 0x%x (%s)\n",

3086

pvmdebmask, debug_flags (pvmdebmask ));

}

}

#ifndef IMA_MPP

if (cc = mksocs()) /* make socket to talk to pvmd */

goto bail2;

#endif

* initialize received-message list

3097

3098

3099

pvmrxlist = pmsg_new (1);

3100

BZERO((char*)pvmrxlist, sizeof(struct pmsg)); /* Null Pointer Dereference (ID: 22107.29040) */

3101

pvmrxlist->m_link = pvmrxlist->m_rlink = pvmrxlist;

3102

true

3103

ttlist = TALLOC(1, struct ttpcb, "tpcb");

ttlist <= 4095

3104

BZERO((char*)ttlist, sizeof(struct ttpcb)); /* Null Pointer Dereference */

Preconditions

&$unknown_1375794 != 0
&$unknown_1375796 = &$unknown_1375797 + 92
myfmt != -1
pvmmytid = -1
pvmtoplvl != 0
$input_12 >= 0
$input_298084 >= 0
$input_298092 != 48
$input_298100 = &$unknown_1375794

Postconditions

((char*)$unknown_1375797)[4]' = &$unknown_1375796
$unknown_1375796' = &freepmsgs.m_link
((char*)&$unknown_1375796)[4]' = ((char*)&$unknown_1375797)[4]
$unknown_1375797' = &$unknown_1375797
((char*)&$unknown_1375797)[16]' = 0
((char*)&$unknown_1375797)[20]' = 1
((char*)&$unknown_1375797)[24]' = 0
((char*)&$unknown_1375797)[28]' = 0
((char*)&$unknown_1375797)[32]' = 0
((char*)&$unknown_1375797)[36]' = 0
((char*)&$unknown_1375797)[40]' = 0
((char*)&$unknown_1375797)[4]' = &$unknown_1375797
((char*)&$unknown_1375797)[44]' = 0
((char*)&$unknown_1375797)[48]' = 0
((char*)&$unknown_1375797)[52]' = 0
((char*)&$unknown_1375797)[56]' = 0
((char*)&$unknown_1375797)[60]' = 0
((char*)&$unknown_1375797)[64]' = 0
((char*)&$unknown_1375797)[8]' = 0
authfd' = -1
authfn[0]' = 0
strlen(&authfn[0])' = 0
buf[0]' = 0
strlen(&buf[0])' = 0
cc' = 0
cookie' = $input_298076
ep' = 0
errno' != 0
freepmsgs.m_link' = &$unknown_1375797
freepmsgs.m_rlink' = &$unknown_1375796
$heap_348512' = $input_444
bytes_after(&$heap_348512)' = $input_12 + 1
$heap_348512' is allocated by malloc
$heap_348512' is a non-heap object
bytes_before(&$heap_348512)' = 0
strlen(&$heap_348512)' = $input_12
$heap_348513' = $input_298092
bytes_after(&$heap_348513)' = $input_298084 + 1
$heap_348513' is allocated by malloc
$heap_348513' is a non-heap object
bytes_before(&$heap_348513)' = 0
strlen(&$heap_348513)' = $input_298084
need_trcinfo' = 0
new_tracer' = 0
numpmsgs' = 49
p' = &$heap_348513
pvm_useruid' != -1
pvmampushed' = 0
pvmamtraced' = pvmtoplvl
pvmdebmask' = &$unknown_1375794
pvmmydsig' = myfmt
pvmrxlist' = &$unknown_1375797
pvmtoplvl' = 0
rbf' = 0
sbf' = 0
ttlist' = 0

Change Warning 354.29039 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: