several potential bugs of NULL Pointer Dereference/ Unchecked Return Value to NULL Pointer Dereference #27

Description

@ash1852

Hello, I found several potential bugs in the source code. Would you help me check if these bugs are true? Thank you very much.

There are several potential bugs of NULL Pointer Dereference:

=================================================================

step 1 :
In file pccts/antlr/antlr.c , function predOrExpr line 929 :
Select the false branch at this point (predExpr!=null is false)

step 2 :
In file pccts/antlr/antlr.c , function predOrExpr line 934 :
null assigned to tail reaches here

step 3 :
In file pccts/antlr/antlr.c , function predOrExpr line 935 :
Select the false branch at this point (zzasp<=0 is false)

step 4 :
In file pccts/antlr/antlr.c , function predOrExpr line 943 :
Store predExpr to *(tail)

===============================================================

step 1 :
In file pccts/support/set/set.c , function set_pdq line 785/787:
Return null to caller

step 2 :
In file pccts/dlg/output.c , function p_accept_table line 486 :
Function set_pdq executes and stores the return value to t (t can be null)

step 3 :
In file pccts/dlg/output.c , function p_accept_table line 490 :
Load value from *nfa_i

There are several potential bugs of Unchecked Return Value to NULL Pointer Dereference:

=================================================================

step 1 :
In file pccts/support/set/set.c , function set_val line 556 :
Store the allocated memory to a.setword (lacking failure check, 45 out of 91 memory allocations checked failures)
set_new is defined in set.h

step 2 :
In file pccts/support/set/set.c , function set_val line 557 :
Load value from a.setword and assign to p

step 3 :
In file pccts/support/set/set.c , function set_val line 562 :
Store 0 to *p

=================================================================

step 1 :
In file pccts/antlr/build.c , function buildAction line 116 :
Allocate memory to t (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/build.c , function buildAction line 118 :
Select the false branch at this point (u!=0 is false)

step 3 :
In file pccts/antlr/build.c , function buildAction line 128 :
Store 0 to *(t)

=================================================================

step 1 :
In file pccts/antlr/main.c , function makeAltID line 1713 :
Allocate memory to p (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/main.c, function makeAltID line 1714 :
p is used as the 1st parameter in function strcpy (p can be null)

=================================================================

step 1 :
In file pccts/support/set/set.c , function set_of line 265 :
Store the allocated memory to a.setword (lacking failure check, 45 out of 91 memory allocations checked failures)
set_new is defined in set.h

step 2 :
In file pccts/support/set/set.c , function set_of line 266 :
Store bitmask[MODWORD(b)] to a.setword[DIVWORD(b)]

=================================================================

step 1 :
In file pccts/antlr/build.c , function buildAction line 116 :
Allocate memory to t (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/build.c , function buildAction line 123 :
Store *u to *t

=================================================================

step 1 :
In file pccts/antlr/build.c , function buildWildCard line 213 :
Allocate memory to w (lacking failure check, 45 out of 91 memory allocations checked failures)
newTCnode is defined in generic.h

step 2 :
In file pccts/antlr/build.c , function buildWildCard line 214 :
Store the return value of function addTname to w->tok

=================================================================

step 1 :
In file pccts/antlr/egman.c, function arrayCheck line 237 :
Allocate memory to altArrayNew (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/egman.c , function arrayCheck line 241 :
Store altArray[i] to altArrayNew[i]

=================================================================

step 1 :
In file pccts/antlr/main.c , function newUserAction line 1675 :
Store the allocated memory to ua->action (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/main.c , function newUserAction line 1676 :
ua->action is used as the 1st parameter in function strcpy (ua->action can be null)

=================================================================

step 1 :
In file pccts/antlr/egman.c , function arrayCheck line 233 :
Allocate memory to egArrayNew (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/egman.c , function arrayCheck line 239 :
Store egArray[i] to egArrayNew[i]

=================================================================

step 1 :
In file pccts/antlr/egman.c , function arrayCheck line 235 :
Allocate memory to leArrayNew (lacking failure check, 45 out of 91 memory allocations checked failures)

step 2 :
In file pccts/antlr/egman.c , function arrayCheck line 240 :
Store leArray[i] to leArrayNew[i]
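The two patterns the report describes are the same defect from two sides: an allocation whose result is stored and dereferenced with no NULL check (set_val, buildAction, makeAltID, arrayCheck, ...), and a callee that can return NULL to a caller that dereferences it (set_pdq into p_accept_table). The following is an added example, not PCCTS code: a small bit-set with the unchecked form beside a hardened form that reports failure to the caller, plus a NULL-returning member-list function and a caller that checks it. The names bitset, alloc_words, bitset_members and inject_alloc_failure are hypothetical, and the failure hook stands in for a real out-of-memory condition so the failure path can be exercised.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocation hook (not part of PCCTS): lets a test drive the
 * out-of-memory path without actually exhausting memory. */
static int inject_alloc_failure = 0;

static void *alloc_words(size_t nwords) {
    if (inject_alloc_failure) {
        inject_alloc_failure = 0;            /* fail exactly one allocation */
        return NULL;
    }
    return calloc(nwords, sizeof(unsigned));
}

typedef struct {
    unsigned *words;                         /* bit vector, 32 bits per word */
    unsigned nwords;
} bitset;

#define WORDBITS 32u

/* Pattern the report flags: allocate, then store through the result with no
 * NULL check. If the allocation fails, the store dereferences NULL.
 * Kept for contrast only; it must never be called when allocation can fail. */
static bitset bitset_of_unchecked(unsigned bit) {
    bitset s;
    s.nwords = bit / WORDBITS + 1;
    s.words = alloc_words(s.nwords);
    s.words[bit / WORDBITS] |= 1u << (bit % WORDBITS);   /* crash if NULL */
    return s;
}

/* Hardened form: check the allocation and report failure to the caller. */
static int bitset_of_checked(unsigned bit, bitset *out) {
    unsigned n = bit / WORDBITS + 1;
    unsigned *w;
    out->words = NULL;
    out->nwords = 0;
    w = alloc_words(n);
    if (w == NULL)
        return -1;                           /* caller decides how to recover */
    w[bit / WORDBITS] |= 1u << (bit % WORDBITS);
    out->words = w;
    out->nwords = n;
    return 0;
}

/* Membership test; tolerates an empty (NULL) set. */
static int bitset_has(const bitset *s, unsigned bit) {
    if (s->words == NULL || bit / WORDBITS >= s->nwords)
        return 0;
    return (int)((s->words[bit / WORDBITS] >> (bit % WORDBITS)) & 1u);
}

/* Second pattern in the report: a callee that returns NULL to its caller,
 * here for an empty set or a failed allocation of the member list. */
static unsigned *bitset_members(const bitset *s, unsigned *count) {
    unsigned i, n = 0, *list;
    for (i = 0; i < s->nwords * WORDBITS; i++)
        if (bitset_has(s, i)) n++;
    *count = n;
    if (n == 0) return NULL;
    list = alloc_words(n);
    if (list == NULL) return NULL;
    n = 0;
    for (i = 0; i < s->nwords * WORDBITS; i++)
        if (bitset_has(s, i)) list[n++] = i;
    return list;
}

/* Caller that checks the returned pointer before using it. Returns the
 * smallest member, or -1 when no list could be produced. */
static int bitset_min_member(const bitset *s) {
    unsigned n;
    unsigned *list = bitset_members(s, &n);
    int result;
    if (list == NULL)
        return -1;                           /* empty or out of memory: no deref */
    result = (int)list[0];
    free(list);
    return result;
}

static void bitset_free(bitset *s) {
    free(s->words);
    s->words = NULL;
    s->nwords = 0;
}
```

The checked version changes the function's contract (an error code instead of a value that is assumed valid), which is exactly what the reported call sites lack: each of them stores or copies through the fresh pointer on the very next line, so an allocation failure surfaces as a crash rather than as a reportable error.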
