CodeSonar : pvm3.4.6 : Free Null Pointer

pvm3.4.6 : pvm3.4.6 analysis 2 : Free Null Pointer at cmds.c:2340

Categories:	ALLOC.FNP CWE:590
Warning ID:	526.29313
Procedure:	spawn_cmd
Trace:	view
Modified:	Thu Nov 26 11:37:05 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/console/cmds.c

			Enter spawn_cmd

spawn_cmd(ac, av)

int ac;

char **av;

{

int *tids = 0;

char *where = 0;

int flags = PvmNoSpawnParent;

int count = 1;

int i;

int oflg = 0;

int tflg = 0;

int app;

char *ofn = 0;

char *tfn = 0;

struct job *jp, *jp2;

2202

void status_msg();

2203

void event_dump_hdr();

2204

void output_dump_hdr();

2205

int fd;

2206

2207

while (av[1][0] == '-') {

2208

if (ac < 3) {

2209

fputs("incorrect arg count\n", stdout);

2210

return 1;

2211

}

2212

if (av[1][1] == '~') {

2213

flags |= PvmHostCompl;

2214

av[1]++;

2215

}

2216

if (av[1][1] == '.' || islower(av[1][1])) { /* Negative Character Value (ID: 17.28599) */

2217

where = av[1] + 1;

2218

flags |= PvmTaskHost;

}

if (av[1][1] == ':')

where = av[1] + 1;

if (isupper(av[1][1])) { /* Negative Character Value (ID: 18.28600) */

2223

where = av[1] + 1;

2224

flags |= PvmTaskArch;

2225

}

2226

if (av[1][1] == '?')

2227

flags |= PvmTaskDebug;

2228

if (isdigit(av[1][1])) /* Negative Character Value (ID: 19.28601) */

2229

count = atoi(av[1] + 1);

2230

if (av[1][1] == '>') {

oflg = 1;

app = 0;

ofn = av[1] + 2;

if (av[1][2] == '>') {

app = 1;

ofn++;

}

if (!*ofn)

ofn = 0;

printf("%s to %s\n", (app ? "Append" : "Write"),

2242

(ofn ? ofn : "(console)"));

2243

2244

}

2245

if (av[1][1] == '@') {

tflg = 1;

tfn = av[1] + 2;

if (!*tfn)

tfn = "";

}

/* gnu-like host (where) arg, allows IP's to be used... */

2252

if (av[1][1] == '-') {

2253

if ( !strncmp( &(av[1][2]), "host=", 5 ) ) {

2254

where = av[1] + 7;

2255

flags |= PvmTaskHost;

}

}

av++;

ac--;

}

if (tflg) {

jp2 = job_new (nextjob );

2263

jp2->j_flag |= JOB_TRACE;

2264

jp2->j_trcid = trc_get_tracer_id();

2265

jp2->j_trcid->status_msg = status_msg;

2266

if (tfn && !strcmp(tfn,""))

2267

jp2->j_trcid->event_dump_hdr = event_dump_hdr;

2268

if (oflg && !ofn) ofn = "";

2269

if (ofn)

2270

jp2->j_trcid->output_dump_hdr = output_dump_hdr;

2271

jp2->j_trcid->event_ctx = pvm_getcontext();

2272

jp2->j_trcid->event_tag = nextjob;

2273

jp2->j_trcid->output_ctx = pvm_getcontext();

2274

jp2->j_trcid->output_tag = nextjob + 1;

2275

trc_set_tracing_codes( jp2->j_trcid );

2276

printf("[%d]\n", nextjob - joboffset);

2277

nextjob += 2;

2278

trc_set_trace_file( jp2->j_trcid, tfn );

2279

if (!trc_reset_trace_file( jp2->j_trcid )) {

job_free(jp2 );

return 1;

}

trc_save_host_status_events( jp2->j_trcid );

2284

if (ofn) {

2285

trc_set_output_file( jp2->j_trcid, ofn );

2286

if (!trc_open_output_file( jp2->j_trcid )) {

job_free(jp2 );

return 1;

}

}

oflg = 0;

}

else {

pvm_setopt(PvmTraceTid, 0);

2295

2296

if (oflg) {

2297

pvm_setopt(PvmOutputTid, mytid );

2298

pvm_setopt(PvmOutputContext, pvm_getcontext());

2299

pvm_setopt(PvmOutputCode, nextjob );

2300

jp = job_new (nextjob );

2301

printf("[%d]\n", nextjob - joboffset);

...

if (!jp->j_ff) {

perror(ofn);

job_free(jp );

return 1;

}

}

} else

pvm_setopt(PvmOutputTid, 0);

}

tids = TALLOC(count > 1 ? count : 1, int, "int"); /* Integer Overflow of Allocation Size (ID: 525.29316) */

2328

if ((i = pvm_spawn(av[1], &av[2], flags, where, count, tids )) >= 0) {

if (oflg & !i)

job_free(jp );

if (tflg & !i)

job_free(jp2 );

printf("%d successful\n", i);

2334

for (i = 0; i < count; i++)

2335

if (tids[i] < 0) /* Uninitialized Variable (ID: 523.29315) */ /* Null Pointer Dereference (ID: 524.29314) */

2336

printf("%s\n", PVMERRMSG(tids[i]));

2337

else

2338

printf("t%x\n", tids[i]);

2339

}

tids <= 4095

2340

MY_FREE(tids); /* Free Null Pointer */

Preconditions

ac >= 4
&$unknown_12297780 <= ac
&$unknown_12297780 >= 4
&$unknown_12297781 >= av
&$unknown_12297782 != 0
&$unknown_12297783 != 0
&$unknown_12297790 != 0
&$unknown_12297795 != 0
&$unknown_12297796 >= 1
joblist->j_link->j_ff != 0
joblist->j_link->j_jid = nextjob
((char*)&((char*)$unknown_12297781)[8])[1] = 45
*av[1] = 45
strlen(av[1]) != 0
((char*)$unknown_12297781)[4] = 45
strlen(((char*)&$unknown_12297781)[4]) != 0
((char*)$unknown_12297781)[8] = 45
strlen(((char*)&$unknown_12297781)[8]) = 7
((char*)$unknown_12297781)[12] != 45
TRC_HOST_LIST >= 0
pvmtoplvl != 0

Postconditions

joblist->j_link->j_link->j_rlink' = joblist->j_link->j_rlink
joblist->j_link->j_trcid' = &$heap_446203
joblist->j_link->j_rlink' = 0
joblist->j_link->j_rlink->j_link' = joblist->j_link->j_link
*joblist->j_link->j_ff->_flags' is freed
joblist->j_link->j_link' = 0
*joblist->j_link' is freed
TRC_HOST_LIST' = &$unknown_12297791
TRC_ID_LIST' = &$heap_446203
ac' = &$unknown_12297780 - 2
av' = &$unknown_12297781 + 8
codesonar_distance_tweak' = 2
count' <= 0
errno' != 0
bytes_after(&$heap_446203)' = 96
$heap_446203' is allocated by malloc
bytes_before(&$heap_446203)' = 0
((char*)&$heap_446203)[40]' = &$heap_446205
bytes_after(&$heap_446205)' = strlen(&$unknown_12297785) + 1
$heap_446205' is allocated by malloc
$heap_446205' is allocated
bytes_before(&$heap_446205)' = 0
strlen(&$heap_446205)' = strlen(&$unknown_12297785)
i' = 0
jp2' = joblist->j_link
nextjob' = nextjob + 2
oflg' = 0
ofn' = &$unknown_12297785
tflg' = &$unknown_12297783
tfn' = &$unknown_12297784
tids' = 0
where' = ((char*)&$unknown_12297781)[8] + 7

Change Warning 526.29313 : Free Null Pointer

Priority:
State:
Finding:
Owner:
Note: