
NULL dereference in matras  #14

@rtsisyk

See lines 359 and 363:

/*
 * Coverity defect trace for matras_destroy_read_view(). The indented
 * "N. Condition ..." lines are the analyzer's path steps, and the leading
 * numbers 314-372 are line numbers of the analyzed source file.
 *
 * The function unlinks view v from its neighbours (lines 319-324), then walks
 * the extent tree under v->root and calls matras_free_extent() on each extent
 * whose pointer differs from the one stored at the same index in the next
 * and previous views.
 */
void
314matras_destroy_read_view(struct matras *m, struct matras_view *v)
315{
   1. Condition v != &m->head, taking true branch.
316        assert(v != &m->head);
   2. Condition !v->next_view, taking false branch.
317        if (!v->next_view)
318                return;
319        struct matras_view *next_view = v->next_view;
320        struct matras_view *prev_view = v->prev_view;
321        next_view->prev_view = prev_view;
   3. Condition prev_view, taking true branch.
322        if (prev_view)
323                prev_view->next_view = next_view;
324        v->next_view = 0;
325
   4. Condition v->block_count == 0, taking false branch.
326        if (v->block_count == 0)
327                return;
           /* Lines 328-331: return without freeing anything when v->root is also
            * the root of a neighbouring view that has a non-zero block_count. */
   5. Condition v->root == next_view->root, taking true branch.
   6. Condition next_view->block_count, taking false branch.
328        if (v->root == next_view->root && next_view->block_count)
329                return;
   7. Condition prev_view, taking true branch.
   8. Condition v->root == prev_view->root, taking false branch.
330        if (prev_view && v->root == prev_view->root && prev_view->block_count)
331                return;
332        void **extent1 = (void **)v->root;
333        void **extent1n = (void **) next_view->root;
334        void **extent1p = 0;
   9. Condition prev_view, taking true branch.
335        if (prev_view)
336                extent1p = (void **) prev_view->root;
337        matras_id_t step1 = m->mask1 + 1;
338        matras_id_t step2 = m->mask2 + 1;
339        matras_id_t i1 = 0, j1 = 0, i2, j2;
340        matras_id_t ptrs_in_ext = m->extent_size / (matras_id_t)sizeof(void *);
   10. Condition j1 < v->block_count, taking true branch.
   16. Condition j1 < v->block_count, taking true branch.
341        for (; j1 < v->block_count; i1++, j1 += step1) {
342                void **extent2 = (void **)extent1[i1];
343                void **extent2n = 0;
                   /* extent2n and extent2p start as NULL on every outer iteration and
                    * are assigned only at lines 348 and 353, inside the
                    * block_count > j1 tests. */
   17. assign_zero: Assigning: extent2p = NULL.
344                void **extent2p = 0;
   11. Condition next_view->block_count > j1, taking false branch.
   18. Condition next_view->block_count > j1, taking false branch.
345                if (next_view->block_count > j1) {
346                        if (extent1[i1] == extent1n[i1])
347                                continue;
348                        extent2n = (void **) extent1n[i1];
349                }
   12. Condition prev_view, taking true branch.
   13. Condition prev_view->block_count > j1, taking true branch.
   19. Condition prev_view, taking true branch.
   20. Condition prev_view->block_count > j1, taking false branch.
350                if (prev_view && prev_view->block_count > j1) {
   14. Condition extent1[i1] == extent1p[i1], taking true branch.
351                        if (extent1[i1] == extent1p[i1])
   15. Continuing loop.
352                                continue;
353                        extent2p = (void **) extent1p[i1];
354                }
   21. Condition i2 < ptrs_in_ext, taking true branch.
   22. Condition j1 + j2 < v->block_count, taking true branch.
   27. Condition i2 < ptrs_in_ext, taking true branch.
   28. Condition j1 + j2 < v->block_count, taking true branch.
355                for (i2 = j2 = 0;
356                     i2 < ptrs_in_ext && j1 + j2 < v->block_count;
357                     i2++, j2 += step2) {
358                        void **extent3 = (void **)extent2[i2];
                           /* Lines 360 and 364 index extent2n / extent2p guarded only by
                            * block_count > j1 + j2; neither pointer is tested against NULL.
                            * NOTE(review): the reported path (steps 20 and 31) needs
                            * prev_view->block_count > j1 + j2 to hold after
                            * prev_view->block_count > j1 failed, which presumably requires
                            * j1 + j2 to wrap; confirm against the definition of
                            * matras_id_t before treating this as reachable. */
   23. Condition next_view->block_count > j1 + j2, taking false branch.
   29. Condition next_view->block_count > j1 + j2, taking false branch.
359                        if (next_view->block_count > j1 + j2) {
   CID 1398748: Explicit null dereferenced (FORWARD_NULL) [select issue]
360                                if (extent2[i2] == extent2n[i2])
361                                        continue;
362                        }
   24. Condition prev_view, taking true branch.
   25. Condition prev_view->block_count > j1 + j2, taking false branch.
   30. Condition prev_view, taking true branch.
   31. Condition prev_view->block_count > j1 + j2, taking true branch.
363                        if (prev_view && prev_view->block_count > j1 + j2) {
   CID 1398732 (#1 of 1): Explicit null dereferenced (FORWARD_NULL)32. var_deref_op: Dereferencing null pointer extent2p.
364                                if (extent2[i2] == extent2p[i2])
365                                        continue;
366                        }
367                        matras_free_extent(m, extent3);
   26. Jumping back to the beginning of the loop.
368                }
369                matras_free_extent(m, extent2);
370        }
371        matras_free_extent(m, extent1);
372}

Found by Coverity.
