CodeSonar : pvm3.4.6 : Null Pointer Dereference

pvm3.4.6 : pvm3.4.6 analysis 2 : Null Pointer Dereference at hoster.c:693

Categories:	LANG.MEM.NPD CWE:476
Warning ID:	77.28664
Procedure:	pl_startup
Trace:	view
Modified:	Thu Nov 26 11:27:18 2009 show details hide details

Priority:	None
State:	None
Finding:	None
Owner:	None
	edit properties

Legend	[ X ]
Warning Location Contributes Parse Error Other Warning Two or More Loop Iterations On Execution Path Comment Macro Preprocessor Include Keyword Preprocessed Away

Legend
Warning Location	Contributes	Parse Error
Other Warning	Two or More Loop Iterations	On Execution Path
Comment	Macro	Preprocessor
Include	Keyword	Preprocessed Away

Source | Language: C

Hide Legend

Problem	Line	Source

			/kat0/fletcher/SATE/2010/pvm3/src/hoster.c

			Enter pl_startup

480

pl_startup(num, hostlist)

481

int num;

482

struct hst **hostlist;

483

{

484

int nxth = 0; /* next host in list to start */

485

struct slot *slact = 0; /* active list of slots */

486

struct hst *hp;

487

struct slot *sp, *sp2;

488

struct timeval tnow;

489

struct timeval tout;

490

#ifdef FDSETNOTSTRUCT

491

fd_set rfds; /* emx headers */

#else

struct fd_set rfds;

#endif

int nfds;

int i;

int n;

char *p;

/* init slot free list */

501

502

slfree = &slots[RSHNPLL+1];

503

slfree->s_link = slfree->s_rlink = slfree;

504

slact = &slots[RSHNPLL];

505

slact->s_link = slact->s_rlink = slact;

506

for (i = RSHNPLL; i-- > 0; ) {

507

LISTPUTAFTER(slfree, &slots[i], s_link, s_rlink);

}

* keep at this until all hosts in table are completed

for (; ; ) {

* if empty slots, start on new hosts

for (; ; ) {

/* find a host for slot */

523

524

if (slfree->s_link != slfree && nxth < num)

525

hp = hostlist[nxth++];

else

break;

sp = slfree->s_link;

LISTDELETE(sp, s_link, s_rlink);

sp->s_hst = hp;

sp->s_len = 0;

sp->s_elen = 0;

if (pvmdebmask & PDMSTARTUP) {

535

pvmlogprintf("pl_startup() trying %s\n", hp->h_name );

}

phase1(sp );

if (hp->h_result) {

/* error or fully started (manual startup) */

540

541

if (pvmdebmask & PDMSTARTUP) {

542

pvmlogprintf(

543

"pl_startup() got result \"%s\" for %s phase1()\n",

544

hp->h_result, hp->h_name );

545

}

546

547

LISTPUTBEFORE(slfree, sp, s_link, s_rlink);

548

549

} else {

550

/* partially started */

551

552

LISTPUTBEFORE(slact, sp, s_link, s_rlink);

553

pvmgetclock(&sp->s_bail );

554

tout.tv_sec = RSHTIMEOUT;

555

tout.tv_usec = 0;

556

TVXADDY(&sp->s_bail, &sp->s_bail, &tout);

}

}

/* if no hosts in progress, we are finished */

561

562

if (slact->s_link == slact)

break;

* until next timeout, get output from any slot

FD_ZERO(&rfds);

nfds = 0;

TVCLEAR(&tout);

pvmgetclock(&tnow );

for (sp = slact->s_link; sp != slact; sp = sp->s_link) {

574

if (TVXLTY(&sp->s_bail, &tnow)) {

575

pvmlogprintf("pl_startup() giving up on host %s after %d secs\n",

576

sp->s_hst->h_name, RSHTIMEOUT );

577

sp->s_hst->h_result = STRALLOC("PvmCantStart"); /* Null Pointer Dereference (ID: 76.28666) */

sp2 = sp->s_rlink;

close_slot(sp );

sp = sp2;

continue;

}

if (!TVISSET(&tout) || TVXLTY(&sp->s_bail, &tout))

585

tout = sp->s_bail;

586

if (sp->s_rfd >= 0)

587

FD_SET(sp->s_rfd, &rfds);

588

if (sp->s_rfd > nfds)

589

nfds = sp->s_rfd;

590

if (sp->s_efd >= 0)

591

FD_SET(sp->s_efd, &rfds);

592

if (sp->s_efd > nfds)

nfds = sp->s_efd;

}

if (slact->s_link == slact)

break;

nfds++;

if (TVXLTY(&tnow, &tout)) {

602

TVXSUBY(&tout, &tout, &tnow);

} else {

TVCLEAR(&tout);

}

if (pvmdebmask & PDMSTARTUP) {

607

pvmlogprintf("pl_startup() select timeout is %d.%06d\n",

608

tout.tv_sec, tout.tv_usec );

609

}

610

if ((n = select(nfds,

611

#ifdef FDSETISINT

612

(int *)&rfds, (int *)0, (int *)0,

613

#else

614

(fd_set *)&rfds, (fd_set *)0, (fd_set *)0,

615

#endif

616

&tout)) == -1) { /* Uninitialized Variable (ID: 78.28665) */

617

if (errno != EINTR) {

618

pvmlogperror("pl_startup() select");

pvmbailout(0);

}

}

if (pvmdebmask & PDMSTARTUP) {

623

pvmlogprintf("pl_startup() select returns %d\n", n );

624

}

625

if (n < 1) {

626

if (n == -1 && errno != EINTR) {

627

pvmlogperror("pl_startup() select");

628

pvmbailout(0); /* XXX this is too harsh */

}

continue;

}

* check for response on stdout or stderr of any slave.

635

636

637

for (sp = slact->s_link; sp != slact; sp = sp->s_link) {

638

639

640

* stderr ready. log output with remote's host name.

641

642

if (sp->s_efd >= 0 && FD_ISSET(sp->s_efd, &rfds)) {

643

n = read(sp->s_efd, sp->s_ebuf + sp->s_elen,

644

sizeof(sp->s_ebuf) - sp->s_elen - 1);

645

if (n > 0) {

646

sp->s_elen += n;

647

sp->s_ebuf[sp->s_elen] = 0;

648

while (p = CINDEX(sp->s_ebuf, '\n')) {

649

*p = 0;

650

pvmlogprintf("stderr@%s: %s\n",

651

sp->s_hst->h_name, sp->s_ebuf );

652

p++;

653

sp->s_elen -= p - sp->s_ebuf;

654

if (sp->s_elen > 0) {

655

BCOPY(p, sp->s_ebuf, sp->s_elen);

656

sp->s_ebuf[sp->s_elen] = 0;

657

}

658

}

659

if (sp->s_elen == sizeof(sp->s_ebuf) - 1) {

660

pvmlogprintf("stderr@%s: %s\n",

661

sp->s_hst->h_name, sp->s_ebuf );

sp->s_elen = 0;

}

} else {

if (sp->s_elen > 0) {

667

pvmlogprintf("stderr@%s: %s\n",

668

sp->s_hst->h_name, sp->s_ebuf );

669

sp->s_elen = 0;

670

}

671

(void)close(sp->s_efd);

sp->s_efd = -1;

}

}

* stdout ready.

* look for a complete line starting with "ddpro".

679

680

if (sp->s_rfd >= 0 && FD_ISSET(sp->s_rfd, &rfds)) {

681

n = read(sp->s_rfd, sp->s_buf + sp->s_len,

682

sizeof(sp->s_buf) - sp->s_len - 1);

683

if (n > 0) {

684

sp->s_len += n;

685

sp->s_buf[sp->s_len] = 0;

686

while (p = CINDEX(sp->s_buf, '\n')) {

687

*p = 0;

688

if (!strncmp(sp->s_buf, "ddpro", 5)) {

689

if (pvmdebmask & PDMSTARTUP) {

690

pvmlogprintf("stdout@%s: %s\n",

691

sp->s_hst->h_name, sp->s_buf );

692

}

true

693

sp->s_hst->h_result = STRALLOC(sp->s_buf); /* Null Pointer Dereference */

break;

} else {

pvmlogprintf("stdout@%s: %s\n",

698

sp->s_hst->h_name, sp->s_buf );

699

p++;

700

sp->s_len -= p - sp->s_buf;

701

if (sp->s_len > 0) {

702

BCOPY(p, sp->s_buf, sp->s_len);

703

sp->s_buf[sp->s_len] = 0;

}

}

}

if (sp->s_len == sizeof(sp->s_buf) - 1) {

708

pvmlogprintf("stdout@%s: %s\n",

709

sp->s_hst->h_name, sp->s_buf );

sp->s_len = 0;

}

} else {

if (sp->s_len > 0) {

pvmlogprintf("stdout@%s: %s\n",

716

sp->s_hst->h_name, sp->s_buf );

sp->s_len = 0;

}

if (n) {

pvmlogprintf("stdout@%s",

721

sp->s_hst->h_name );

722

} else {

723

pvmlogprintf("stdout@%s: EOF\n",

724

sp->s_hst->h_name );

725

}

726

if (sp->s_elen > 0) {

727

pvmlogprintf("stderr@%s: %s\n",

728

sp->s_hst->h_name, sp->s_ebuf );

sp->s_elen = 0;

}

/* before failing, check for alternate WIN32 cmd */

733

if (sp->s_hst->h_wincmd) {

734

if (pvmdebmask & PDMSTARTUP) {

735

pvmlogprintf(

736

"pl_startup() re-trying %s as WIN32\n",

737

hp->h_name );

738

}

739

/* no need to free h_cmd, we're a pvmd'... */

740

sp->s_hst->h_cmd = sp->s_hst->h_wincmd;

741

sp->s_hst->h_wincmd = 0;

phase1(sp );

if (!(sp->s_hst->h_result)) {

746

/* partially started */

747

pvmgetclock(&sp->s_bail );

748

tout.tv_sec = RSHTIMEOUT;

749

tout.tv_usec = 0;

750

TVXADDY(&sp->s_bail, &sp->s_bail, &tout);

}

} else {

sp->s_hst->h_result = STRALLOC("PvmCantStart"); /* Null Pointer Dereference (ID: 76.28663) */

755

}

756

}

757

if (sp->s_hst->h_result) {

sp2 = sp->s_rlink;

close_slot(sp );

sp = sp2;

continue;

Preconditions

num >= 1
&$unknown_75989 != &slots[0].s_link + 3312
&$unknown_75997 != 0
&$unknown_75999 <= -1 * ((char*)$unknown_75994)[544] + 255
&$unknown_75999 >= 1
&slots[0].s_link != &$unknown_75991 - 2760
&slots[0].s_link != *$unknown_75994 - 2760
&slots[0].s_link != $unknown_75994 - 2760
((char*)$unknown_75994)[20] >= 0
((char*)$unknown_75994)[28] <= -1
((char*)$unknown_75994)[544] <= 254
strlen($unknown_75994) = 37
$unknown_75991 = &slots[0].s_link + 2760
$unknown_75991 >= 6856
((char*)&$unknown_75991)[16] <= -1
((char*)&$unknown_75991)[16] <= tnow.tv_usec - 1
((char*)&$unknown_75991)[24] != -1
((char*)&$unknown_75991)[28] = -1
$input_12 = &$unknown_75999
$input_12 >= 1
tnow.tv_usec <= 0

Postconditions

((char*)$unknown_75991)[4]' = ((char*)&$unknown_75991)[4]
((char*)$unknown_75994)[32]' != 10
((char*)$unknown_75991)[4]' = $unknown_75991
__result' = &$unknown_75997
((char*)&$unknown_75989)[544]' = 0
((char*)&$unknown_75989)[548]' = 0
$unknown_76000' = 0
strlen(&$unknown_76000)' = 0
codesonar_distance_tweak' = 2
errno' != 0
$heap_3747' = 80
bytes_after(&$heap_3747)' = 13
$heap_3747' is allocated by malloc
$heap_3747' is allocated
bytes_before(&$heap_3747)' = 0
strlen(&$heap_3747)' = 12
tocttou($heap_3747)' = tocttou(#string12)
i' = -1
n' = &$unknown_75999
nfds' = 1
nxth' = num
p' = &$unknown_76000
slact' = &slots[0].s_link + 2760
slfree' = &slots[0].s_link + 3312
slots[5].s_link' = &$unknown_75991
slots[6].s_link' = &$unknown_75989
sp' = $unknown_75994
tnow.tv_sec' <= -1

Change Warning 77.28664 : Null Pointer Dereference

Priority:
State:
Finding:
Owner:
Note: