Bug Summary

File:protosetup.c
Location:line 213, column 7
Description:Null pointer argument in call to string copy function

Annotated Source Code

1/******************************************************************************
2
3
4Copyright 1993, 1998 The Open Group
5
6Permission to use, copy, modify, distribute, and sell this software and its
7documentation for any purpose is hereby granted without fee, provided that
8the above copyright notice appear in all copies and that both that
9copyright notice and this permission notice appear in supporting
10documentation.
11
12The above copyright notice and this permission notice shall be included in
13all copies or substantial portions of the Software.
14
15THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18OPEN GROUP BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
19AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
20CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
21
22Except as contained in this notice, the name of The Open Group shall not be
23used in advertising or otherwise to promote the sale, use or other dealings
24in this Software without prior written authorization from The Open Group.
25
26Author: Ralph Mor, X Consortium
27******************************************************************************/
28
29#ifdef HAVE_CONFIG_H1
30#include <config.h>
31#endif
32#include <X11/ICE/ICElib.h>
33#include "ICElibint.h"
34
35
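/*
 * Copy an error message into the caller-supplied error buffer.
 *
 * errorStringRet may be NULL and errorLength may be <= 0: callers that do
 * not want an error string pass exactly that, and the entry check in
 * IceProtocolSetup already tolerates it.  Every error path must therefore
 * go through this helper instead of calling strncpy directly, otherwise a
 * NULL destination is dereferenced.  Unlike a bare strncpy the result is
 * always NUL-terminated when the buffer is non-empty, so a message longer
 * than errorLength is truncated rather than left unterminated.
 */
static void
set_error_string (char *errorStringRet, int errorLength, const char *msg)
{
    if (errorStringRet == NULL || errorLength <= 0)
        return;

    strncpy (errorStringRet, msg, (size_t) errorLength);
    errorStringRet[errorLength - 1] = '\0';
}


/*
 * Initiate a Protocol Setup for protocol `myOpcode' (our major opcode, as
 * handed out by IceRegisterForProtocolSetup) on `iceConn', then process
 * incoming messages until the peer answers with a Protocol Reply or a
 * Protocol Error.
 *
 * On success *majorVersionRet / *minorVersionRet hold the version the peer
 * accepted and *vendorRet / *releaseRet point to the peer's vendor and
 * release strings; those two strings came back in the reply and are handed
 * over to the caller, who is responsible for freeing them.  On failure all
 * four are reset to 0 / NULL and, when errorStringRet is non-NULL and
 * errorLength > 0, a NUL-terminated (possibly truncated) description is
 * written to errorStringRet.
 *
 * Returns IceProtocolSetupSuccess, IceProtocolSetupFailure,
 * IceProtocolSetupIOError or IceProtocolAlreadyActive.
 */
IceProtocolSetupStatus
IceProtocolSetup (
    IceConn iceConn,
    int myOpcode,
    IcePointer clientData,
    Bool mustAuthenticate,
    int *majorVersionRet,
    int *minorVersionRet,
    char **vendorRet,
    char **releaseRet,
    int errorLength,
    char *errorStringRet
)
{
    iceProtocolSetupMsg *pMsg;
    char *pData;
    _IceProtocol *myProtocol;
    _IceProtoSetupToYouInfo *setupInfo;
    int extra;
    Bool gotReply, ioErrorOccured;
    int accepted, i;
    int hisOpcode;
    unsigned long setup_sequence;
    IceReplyWaitInfo replyWait;
    _IceReply reply;
    IcePoVersionRec *versionRec = NULL;
    int authCount;
    int *authIndices;

    /* The error buffer is optional; every later write goes through
     * set_error_string, which re-checks this. */
    if (errorStringRet && errorLength > 0)
        *errorStringRet = '\0';

    *majorVersionRet = 0;
    *minorVersionRet = 0;
    *vendorRet = NULL;
    *releaseRet = NULL;

    if (myOpcode < 1 || myOpcode > _IceLastMajorOpcode)
    {
        set_error_string (errorStringRet, errorLength,
            "myOpcode out of range");
        return (IceProtocolSetupFailure);
    }

    myProtocol = &_IceProtocols[myOpcode - 1];

    if (myProtocol->orig_client == NULL)
    {
        set_error_string (errorStringRet, errorLength,
            "IceRegisterForProtocolSetup was not called");
        return (IceProtocolSetupFailure);
    }


    /*
     * Make sure this protocol hasn't been activated already.
     */

    if (iceConn->process_msg_info)
    {
        for (i = iceConn->his_min_opcode; i <= iceConn->his_max_opcode; i++)
        {
            _IceProcessMsgInfo *info =
                &iceConn->process_msg_info[i - iceConn->his_min_opcode];

            if (info->in_use && info->my_opcode == myOpcode)
                break;
        }

        if (i <= iceConn->his_max_opcode)
        {
            return (IceProtocolAlreadyActive);
        }
    }


    /*
     * Work out which of our authentication methods are usable on this
     * connection.  authIndices is owned by the protosetup_to_you record
     * from the moment that record exists, and freed together with it.
     */

    if (myProtocol->orig_client->auth_count > 0)
    {
        authIndices = malloc ((size_t) myProtocol->orig_client->auth_count *
            sizeof *authIndices);

        if (authIndices == NULL)
        {
            set_error_string (errorStringRet, errorLength,
                "Out of memory during Protocol Setup");
            return (IceProtocolSetupFailure);
        }

        _IceGetPoValidAuthIndices (myProtocol->protocol_name,
            iceConn->connection_string,
            myProtocol->orig_client->auth_count,
            (const char **) myProtocol->orig_client->auth_names,
            &authCount, authIndices);
    }
    else
    {
        authCount = 0;
        authIndices = NULL;
    }


    /*
     * Allocate the per-connection setup record before anything is sent,
     * so an allocation failure can be reported without a Protocol Setup
     * message already being on the wire.
     */

    setupInfo = malloc (sizeof *setupInfo);

    if (setupInfo == NULL)
    {
        free (authIndices);
        set_error_string (errorStringRet, errorLength,
            "Out of memory during Protocol Setup");
        return (IceProtocolSetupFailure);
    }

    setupInfo->my_opcode = myOpcode;
    setupInfo->my_auth_count = authCount;
    setupInfo->auth_active = 0;
    setupInfo->my_auth_indices = authIndices;


    /*
     * Generate the message.
     */

    extra = STRING_BYTES (myProtocol->protocol_name) +
        STRING_BYTES (myProtocol->orig_client->vendor) +
        STRING_BYTES (myProtocol->orig_client->release);

    for (i = 0; i < authCount; i++)
    {
        extra += STRING_BYTES (myProtocol->orig_client->auth_names[
            authIndices[i]]);
    }

    /* two CARD16s (major, minor) per advertised version */
    extra += (myProtocol->orig_client->version_count * 4);

    IceGetHeaderExtra (iceConn, 0, ICE_ProtocolSetup,
        SIZEOF (iceProtocolSetupMsg), WORD64COUNT (extra),
        iceProtocolSetupMsg, pMsg, pData);

    if (pData == NULL)
    {
        /*
         * IceGetHeaderExtra leaves pData NULL when the message does not fit
         * in the output buffer even after a flush.  As defined in
         * ICElibint.h the macro has by then already advanced outbufptr past
         * the (unwritten) body and bumped send_sequence; undo both so that
         * no half-built message is ever flushed to the peer, then report
         * the failure instead of storing through a NULL pointer below.
         */
        iceConn->outbufptr = (char *) pMsg;
        iceConn->send_sequence--;

        free (authIndices);
        free (setupInfo);
        set_error_string (errorStringRet, errorLength,
            "Protocol Setup message too large for output buffer");
        return (IceProtocolSetupFailure);
    }

    setup_sequence = iceConn->send_sequence;

    pMsg->protocolOpcode = myOpcode;
    pMsg->versionCount = myProtocol->orig_client->version_count;
    pMsg->authCount = authCount;
    pMsg->mustAuthenticate = mustAuthenticate;

    STORE_STRING (pData, myProtocol->protocol_name);
    STORE_STRING (pData, myProtocol->orig_client->vendor);
    STORE_STRING (pData, myProtocol->orig_client->release);

    for (i = 0; i < authCount; i++)
    {
        STORE_STRING (pData, myProtocol->orig_client->auth_names[
            authIndices[i]]);
    }

    for (i = 0; i < myProtocol->orig_client->version_count; i++)
    {
        STORE_CARD16 (pData,
            myProtocol->orig_client->version_recs[i].major_version);
        STORE_CARD16 (pData,
            myProtocol->orig_client->version_recs[i].minor_version);
    }

    IceFlush (iceConn);


    /*
     * Process messages until we get a Protocol Reply.
     */

    replyWait.sequence_of_request = setup_sequence;
    replyWait.major_opcode_of_request = 0;
    replyWait.minor_opcode_of_request = ICE_ProtocolSetup;
    replyWait.reply = (IcePointer) &reply;

    iceConn->protosetup_to_you = setupInfo;

    gotReply = False;
    ioErrorOccured = False;
    accepted = 0;

    while (!gotReply && !ioErrorOccured)
    {
        ioErrorOccured = (IceProcessMessages (
            iceConn, &replyWait, &gotReply) == IceProcessMessagesIOError);

        if (ioErrorOccured)
        {
            /*
             * protosetup_to_you is deliberately left attached to iceConn
             * here: the connection object still owns it and the IO error
             * handling elsewhere is responsible for the connection's
             * teardown.  (Mirrors the original behaviour - confirm against
             * the connection-close path before changing.)
             */
            set_error_string (errorStringRet, errorLength,
                "IO error occured doing Protocol Setup on connection");
            return (IceProtocolSetupIOError);
        }
        else if (gotReply)
        {
            if (reply.type == ICE_PROTOCOL_REPLY)
            {
                if (reply.protocol_reply.version_index >=
                    myProtocol->orig_client->version_count)
                {
                    /* Peer picked a version we never offered: refuse it
                     * rather than index version_recs out of bounds. */
                    set_error_string (errorStringRet, errorLength,
                        "Got a bad version index in the Protocol Reply");

                    free (reply.protocol_reply.vendor);
                    free (reply.protocol_reply.release);
                }
                else
                {
                    versionRec = &(myProtocol->orig_client->version_recs[
                        reply.protocol_reply.version_index]);

                    accepted = 1;
                }
            }
            else /* reply.type == ICE_PROTOCOL_ERROR */
            {
                /* Protocol Setup failed; the peer's message is copied out
                 * (if it carried one) and then released. */
                const char *peerMsg = reply.protocol_error.error_message;

                set_error_string (errorStringRet, errorLength,
                    peerMsg ? peerMsg : "Protocol Setup failed");

                free (reply.protocol_error.error_message);
            }

            /* The setup record (and the auth indices it owns) is only
             * needed while the reply is outstanding. */
            free (iceConn->protosetup_to_you->my_auth_indices);
            free (iceConn->protosetup_to_you);
            iceConn->protosetup_to_you = NULL;
        }
    }

    if (accepted)
    {
        _IceProcessMsgInfo *process_msg_info;

        /* versionRec is always set when accepted is. */
        *majorVersionRet = versionRec->major_version;
        *minorVersionRet = versionRec->minor_version;

        /* Ownership of the vendor/release strings passes to the caller. */
        *vendorRet = reply.protocol_reply.vendor;
        *releaseRet = reply.protocol_reply.release;


        /*
         * Increase the reference count for the number of active protocols.
         */

        iceConn->proto_ref_count++;


        /*
         * We may be using a different major opcode for this protocol
         * than the other client.  Whenever we get a message, we must
         * map to our own major opcode.
         */

        hisOpcode = reply.protocol_reply.major_opcode;

        _IceAddOpcodeMapping (iceConn, hisOpcode, myOpcode);

        process_msg_info = &iceConn->process_msg_info[hisOpcode -
            iceConn->his_min_opcode];

        process_msg_info->client_data = clientData;
        process_msg_info->accept_flag = 0;

        process_msg_info->process_msg_proc.orig_client =
            versionRec->process_msg_proc;

        return (IceProtocolSetupSuccess);
    }
    else
    {
        return (IceProtocolSetupFailure);
    }
}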