CodeSonar : pvm3.4.6 : Integer Overflow of Allocation Size

Home › pvm3.4.6 › pvm3.4.6 analysis 2 › Warning 426.29175

pvm3.4.6 : pvm3.4.6 analysis 2 : Integer Overflow of Allocation Size at trcutil.c:1631

Categories:	ALLOC.IOAS BSI:MALLOC-OVERFLOW CWE:680
Warning ID:	426.29175
Procedure:	trc_make_value
Trace:	view
Modified:	Thu Nov 26 11:35:38 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/tracer/trcutil.c

			Enter trc_make_value

trc_make_value( dt, num )

int dt;

int num;

{

TRC_VALUE tmp;

int i;

if ( num < 1 )

return( (TRC_VALUE) NULL );

tmp = (TRC_VALUE) NULL;

switch ( dt )

{

case TEV_DATA_NULL: break;

case TEV_DATA_BYTE:

{

tmp = (TRC_VALUE) malloc( (unsigned) num * sizeof( char ) );

trc_memcheck( tmp, "Character Data Pointer" );

break;

}

...

case TEV_DATA_CPLX:

case TEV_DATA_FLOAT:

{

tmp = (TRC_VALUE) malloc( (unsigned) num

* sizeof( float ) ); /* Integer Overflow of Allocation Size (ID: 425.29174) */

trc_memcheck( tmp, "Float Data Pointer" );

break;

}

case TEV_DATA_INT:

case TEV_DATA_UINT:

{

tmp = (TRC_VALUE) malloc( (unsigned) num * sizeof( int ) ); /* Integer Overflow of Allocation Size */

Preconditions

dt = 6
num >= 1
$input_12 = 0

Postconditions

tmp' = 0

Change Warning 426.29175 : Integer Overflow of Allocation Size

Priority:
State:
Finding:
Owner:
Note:

www.grammatech.com processed in 0.58 seconds on Wed Dec 2 09:51:40 2009