CodeSonar : pvm3.4.6 : Integer Overflow of Allocation Size

Home › pvm3.4.6 › pvm3.4.6 analysis 2 › Warning 562.29247

pvm3.4.6 : pvm3.4.6 analysis 2 : Integer Overflow of Allocation Size at trcutil.c:1787

Categories:	ALLOC.IOAS BSI:MALLOC-OVERFLOW CWE:680
Warning ID:	562.29247
Procedure:	trc_copy_value
Trace:	view
Modified:	Thu Nov 26 11:36:26 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/tracer/trcutil.c

			Enter trc_copy_value

trc_copy_value( V, dt, num )

int dt;

int num;

{

TRC_VALUE tmp;

int i;

if ( V == NULL || num < 1 )

return( (TRC_VALUE) NULL );

tmp = (TRC_VALUE) NULL;

switch ( dt )

{

case TEV_DATA_NULL: break;

case TEV_DATA_BYTE:

{

tmp = (TRC_VALUE) malloc( (unsigned) num * sizeof( char ) );

trc_memcheck( tmp, "Character Data Pointer" );

for ( i=0 ; i < num ; i++ )

{

...

for ( i=0 ; i < num ; i++ )

{

TRC_ARR_VALUE_OF( tmp, long, i ) =

TRC_ARR_VALUE_OF( V, long, i );

}

break;

}

case TEV_DATA_SHORT:

case TEV_DATA_USHORT:

{

tmp = (TRC_VALUE) malloc( (unsigned) num

* sizeof( short ) ); /* Integer Overflow of Allocation Size */

Preconditions

V != 0
dt = 11
num >= 1
$input_12 = 0

Postconditions

tmp' = 0

Change Warning 562.29247 : Integer Overflow of Allocation Size

Priority:
State:
Finding:
Owner:
Note:

www.grammatech.com processed in 0.55 seconds on Wed Dec 2 09:52:25 2009