CodeSonar : pvm3.4.6 : Buffer Overrun

pvm3.4.6 : pvm3.4.6 analysis 2 : Buffer Overrun at trcfile.c:2477

Categories:

LANG.MEM.BO CWE:120 CWE:121 CWE:122 CWE:126

Warning ID:

471.29235

Similar Warnings:

471.29237

Procedure:

trc_read_trace_event

Trace:

view

Modified:

Thu Nov 26 11:36:24 2009 show details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/tracer/trcfile.c

			Enter trc_read_trace_event

2421

trc_read_trace_event( ID, eof )

TRC_ID ID;

int *eof;

{

TRC_TEVDESC TD;

char tmp[4096];

char c;

int entry_exit;

int dummy;

int index;

int code;

int flag;

int eid;

int ee;

int i;

*eof = TRC_FALSE;

if ( ID->trace_in == NULL )

return( TRC_FALSE );

while ( TRC_TRUE )

{

c = getc( ID->trace_in );

2447

2448

if ( c != (char) EOF )

{

switch ( c )

{

/* Record Descriptor Packet */

case '#':

{

/* Get event ID */

flag = fscanf( ID->trace_in, "%d", &code );

if ( flag != 1 )

{

printf( "Error Reading Event ID\n" );

return( TRC_FALSE );

}

/* Get event name */

if ( !trc_find_event_str( ID, "\"" ) )

return( TRC_FALSE );

i = 0;

while ( (c = getc( ID->trace_in )) != (char) EOF

2475

&& c != '"' && c != '(' )

2476

{

i > 4095

2477

tmp[i++] = c; /* Buffer Overrun */

2478

}

2479

2480

TRC_CKEOF( c, "EOF Reading Event Descriptor Name\n",

2481

return( TRC_FALSE ) );

2482

2483

tmp[i] = '\0'; /* Buffer Overrun (ID: 472.29236) */

/* PVM 3.4 Trace */

if ( c == '(' )

{

/* Decode event ID */

2490

2491

index = ( code / 1000 ) - 1;

2492

2493

eid = ( code - ((index + 1) * 1000) ) / 2;

2494

2495

ee = code - ((index + 1) * 1000) - (2 * eid);

2496

2497

/* Read in entry/exit or index value */

2498

2499

flag = fscanf( ID->trace_in, "%d", &dummy );

if ( flag != 1 )

{

printf( "Error Reading Event Index\n" );

return( TRC_FALSE );

}

/* Read in next char for parsing context */

2509

2510

c = getc( ID->trace_in );

2511

2512

TRC_CKEOF( c, "EOF Reading Event Descriptor\n",

2513

return( TRC_FALSE ) );

if ( c == '.' )

{

if ( ee != dummy )

{

printf( "Warning: " );

2520

printf( "Entry/Exit Mismatch " );

2521

printf( "%d != %d\n", ee, dummy );

2522

}

2523

2524

entry_exit = TRC_IGNORE_TEV;

2525

2526

if ( dummy == 0 )

2527

entry_exit = TRC_ENTRY_TEV;

2528

2529

else if ( dummy == 1 )

2530

entry_exit = TRC_EXIT_TEV;

2531

2532

flag = fscanf( ID->trace_in, "%d", &dummy );

if ( flag != 1 )

{

printf( "Error Reading Event Index\n" );

return( TRC_FALSE );

}

if ( index != dummy )

2542

{

2543

printf( "Warning: " );

2544

printf( "Descriptor Index Mismatch " );

2545

printf( "%d != %d\n", index, dummy );

index = dummy;

}

if ( !trc_find_event_str( ID, ")" ) )

return( TRC_FALSE );

}

else

{

entry_exit = TRC_IGNORE_TEV;

if ( ee == 1 )

{

printf( "Warning: " );

2561

printf( "Entry/Exit Mismatch " );

2562

printf( "%d != %d\n", ee, entry_exit );

2563

}

2564

2565

if ( index != dummy )

2566

{

2567

printf( "Warning: " );

2568

printf( "Descriptor Index Mismatch " );

2569

printf( "%d != %d\n", index, dummy );

index = dummy;

}

}

if ( !trc_find_event_str( ID, "\"" ) )

2576

return( TRC_FALSE );

2577

2578

if ( !(TD = trc_read_descriptor(

2579

ID, eid, tmp, entry_exit, index )) )

{

return( TRC_FALSE );

}

if ( ID->handle_descriptor )

2585

(ID->handle_descriptor)( ID, TD );

2586

}

2587

2588

/* PVM 3.3 Trace - Ignore Descriptor */

else

{

eid = code;

if ( tmp[ i - 1 ] == '0' ) /* Buffer Underrun (ID: 470.29234) */ /* Buffer Overrun (ID: 469.29233) */

2595

entry_exit = TRC_ENTRY_TEV;

2596

2597

else if ( tmp[ i - 1 ] == '1' ) /* Buffer Overrun (ID: 467.29231) */ /* Buffer Underrun (ID: 468.29232) */

2598

entry_exit = TRC_EXIT_TEV;

2599

2600

else

2601

entry_exit = TRC_IGNORE_TEV;

2602

2603

if ( !(TD = trc_read_descriptor(

2604

ID, eid, tmp, entry_exit, -1 )) )

{

return( TRC_FALSE );

}

if ( ID->handle_old_descriptor )

2610

(ID->handle_old_descriptor)( ID, TD );

}

break;

}

/* Record Data Packet */

case '"':

{

i = 0;

while ( (c = getc( ID->trace_in )) != (char) EOF

2623

&& c != '"' && c != '(' )

...

2695

{

2696

return(

2697

trc_process_old_trace_event( ID, tmp ) );

2698

}

2699

2700

/* break; unreachable */

}

/* Command Packet */

case '%':

{

tmp[0] = '%';

if ( !trc_find_event_end_ret( ID, tmp + 1, 4095 ) )

2710

return( TRC_FALSE );

2711

2712

if ( ID->handle_command )

2713

(ID->handle_command)( ID, tmp );

break;

}

/* Stream Attribute Packet */

case '/':

{

c = getc( ID->trace_in );

2723

2724

TRC_CKEOF( c, "EOF Reading Trace Comment\n",

2725

return( TRC_FALSE ) );

if ( c != '*' )

{

printf( "\nError Reading Trace File\n" );

2730

printf( "\t- '*' expected (/* */)\n\n" );

}

strcpy( tmp, "/*" );

if ( !trc_find_event_end_ret( ID, tmp + 2, 4094 ) )

2736

return( TRC_FALSE );

2737

2738

if ( ID->handle_comment )

2739

(ID->handle_comment)( ID, tmp );

break;

}

/* White Space */

case ' ':

case '\t':

case '\n':

{

break;

Preconditions

$input_653252 >= 1
$input_664580 = 35
$input_664596 = 1
$input_664604 != 34
$input_664604 != 40
$input_664604 <= 254
$input_664604 >= -1

Postconditions

$unknown_12091119' is allocated by fopen
bytes_before(&$unknown_12091119)' = 0
c' = $input_664604
code' = $input_664588
errno' != 0
flag' = $input_664596
i' = $input_653252 + 1

Change Warning 471.29235 : Buffer Overrun

Because they are very similar, this warning shares annotations with warning 471.29237.

Priority:
State:
Finding:
Owner:
Note: