
several potential bugs of NULL Pointer Dereference/ Unchecked Return Value to NULL Pointer Dereference #27

Open
ash1852 opened this issue Aug 31, 2021 · 1 comment

ash1852 commented Aug 31, 2021

Hello, I found several potential bugs in the source code; would you help me check whether these bugs are real? Thank you very much.

there are several potential bugs of NULL Pointer Dereference :

=================================================================

step 1 :
In file pccts/antlr/antlr.c , function predOrExpr line 929 :
Select the false branch at this point (predExpr!=null is false)

step 2 :
In file pccts/antlr/antlr.c , function predOrExpr line 934 :
null assigned to tail reaches here

step 3 :
In file pccts/antlr/antlr.c , function predOrExpr line 935 :
Select the false branch at this point (zzasp<=0 is false)

step 4 :
In file pccts/antlr/antlr.c , function predOrExpr line 943 :
Store predExpr to *(tail)

===============================================================

step 1 :
In file pccts/support/set/set.c , function set_pdq line 785/787:
Return null to caller

step 2 :
In file pccts/dlg/output.c , function p_accept_table line 486 :
Function set_pdq executes and stores the return value to t (t can be null)

step 3 :
In file pccts/dlg/output.c , function p_accept_table line 490 :
Load value from *nfa_i

there are several potential bugs of Unchecked Return Value to NULL Pointer Dereference :

=================================================================

step 1 :
In file pccts/support/set/set.c , function set_val line 556 :
Store the allocated memory to a.setword (lacking failure check, 45 out of 91 memory allocations checked failures)
set_new is defined in set.h

step 2 :
In file pccts/support/set/set.c , function set_val line 557 :
Load value from a.setword and assign to p

step 3 :
In file pccts/support/set/set.c , function set_val line 562 :
Store 0 to *p

=================================================================

step 1 :
In file pccts/antlr/build.c , function buildAction line 116 :
Allocate memory to t (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/build.c , function buildAction line 118 :
Select the false branch at this point (u!=0 is false)

step 3 :
In file pccts/antlr/build.c , function buildAction line 128 :
Store 0 to *(t)

=================================================================

step 1 :
In file pccts/antlr/main.c , function makeAltID line 1713 :
Allocate memory to p (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/main.c, function makeAltID line 1714 :
p is used as the 1st parameter in function strcpy (p can be null)

=================================================================

step 1 :
In file pccts/support/set/set.c , function set_of line 265 :
Store the allocated memory to a.setword (lacking failure check, 45 out of 91 memory allocations checked failures)
set_new is defined in set.h

step 2 :
In file pccts/support/set/set.c , function set_of line 266 :
Store bitmask[MODWORD(b)] to a.setword[DIVWORD(b)]

=================================================================

step 1 :
In file pccts/antlr/build.c , function buildAction line 116 :
Allocate memory to t (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/build.c , function buildAction line 123 :
Store *u to *t

=================================================================

step 1 :
In file pccts/antlr/build.c , function buildWildCard line 213 :
Allocate memory to w (lacking failure check, 45 out of 91 memory allocations checked failures)
newTCnode is defined in generic.h

step 2 :
In file pccts/antlr/build.c , function buildWildCard line 214 :
Store the return value of function addTname to w->tok

=================================================================

step 1 :
In file pccts/antlr/egman.c, function arrayCheck line 237 :
Allocate memory to altArrayNew (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/egman.c , function arrayCheck line 241 :
Store altArray[i] to altArrayNew[i]

=================================================================

step 1 :
In file pccts/antlr/main.c , function newUserAction line 1675 :
Store the allocated memory to ua->action (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/main.c , function newUserAction line 1676 :
ua->action is used as the 1st parameter in function strcpy (ua->action can be null)

=================================================================

step 1 :
In file pccts/antlr/egman.c , function arrayCheck line 233 :
Allocate memory to egArrayNew (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/egman.c , function arrayCheck line 239 :
Store egArray[i] to egArrayNew[i]

=================================================================

step 1 :
In file pccts/antlr/egman.c , function arrayCheck line 235 :
Allocate memory to leArrayNew (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/egman.c , function arrayCheck line 240 :
Store leArray[i] to leArrayNew[i]
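Every finding above has the same shape: an allocation (or a function such as set_pdq that returns NULL on failure) is followed by a store through the result without a NULL check. The C below is an added illustration of that pattern and its fix; it is not code from pccts, and the names (alloc_or_null, copy_name_unchecked, copy_name_checked, grow_int_array, fail_next_alloc) are hypothetical. The allocation hook exists only so the failure path can be exercised deterministically.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed test hook (not part of pccts): when nonzero, the next
   allocation behaves as if malloc() failed and returned NULL. */
int fail_next_alloc = 0;

static void *alloc_or_null(size_t n)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    return malloc(n);
}

/* The reported pattern (cf. makeAltID / newUserAction in the issue):
   allocate, then strcpy into the result without checking it.
   If the allocation fails, strcpy writes through a NULL pointer. */
char *copy_name_unchecked(const char *name)
{
    char *p = alloc_or_null(strlen(name) + 1);
    strcpy(p, name);            /* dereferences p even when it is NULL */
    return p;
}

/* Hardened form: test the allocation before any store and propagate
   the failure to the caller instead of dereferencing NULL. */
char *copy_name_checked(const char *name)
{
    size_t len = strlen(name) + 1;
    char *p = alloc_or_null(len);
    if (p == NULL)
        return NULL;            /* caller must check, as with set_pdq */
    memcpy(p, name, len);
    return p;
}

/* The arrayCheck pattern (allocate a larger array, copy the old elements
   into it) with the missing check added. On failure the old array and
   capacity are left intact and -1 is returned; nothing is dereferenced. */
int grow_int_array(int **arr, int *cap, int new_cap)
{
    int *fresh = alloc_or_null((size_t)new_cap * sizeof **arr);
    if (fresh == NULL)
        return -1;
    for (int i = 0; i < *cap && i < new_cap; i++)
        fresh[i] = (*arr)[i];   /* safe: fresh is known non-NULL here */
    free(*arr);
    *arr = fresh;
    *cap = new_cap;
    return 0;
}

int main(void)
{
    int *a = NULL, cap = 0;
    if (grow_int_array(&a, &cap, 4) != 0)
        return 1;
    a[0] = 7;
    fail_next_alloc = 1;        /* simulate the failing realloc path */
    printf("grow under failure -> %d (cap still %d, a[0] = %d)\n",
           grow_int_array(&a, &cap, 8), cap, a[0]);
    free(a);
    return 0;
}
```

The checked variants return a status or NULL rather than aborting, which matches how set_pdq already reports failure; the point is that every caller of such a function has to test the result before the first store through it.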

@sarnold
Owner

sarnold commented Nov 24, 2021

Same basic answer as #26 - if you really want to poke at it, feel free, but do look upstream and check for newer releases => MR33 or newer (but see the caveat on #26).
