Bug Summary

File:/home/joel/rtems-4.11-work/build/rtems/c/src/../../cpukit/posix/src/aio_cancel.c
Location:line 117, column 7
Description:Null pointer passed as an argument to a 'nonnull' parameter

Annotated Source Code

1/*
2 * Copyright 2010, Alin Rus <alin.codejunkie@gmail.com>
3 *
4 * The license and distribution terms for this file may be
5 * found in the file LICENSE in this distribution or at
6 * http://www.rtems.com/license/LICENSE.
7 *
8 * $Id: aio_cancel.c,v 1.4 2010/08/24 12:04:43 ralf Exp $
9 */
10
11#if HAVE_CONFIG_H1
12#include "config.h"
13#endif
14
15#include <aio.h>
16#include <rtems/posix/aio_misc.h>
17#include <errno(*__errno_location ()).h>
18#include <stdlib.h>
19#include <rtems/system.h>
20#include <rtems/seterr.h>
21
22/*
23 * aio_cancel
24 *
25 * Cancel an asynchronous I/O request
26 *
27 * Input parameters:
28 * fildes - file descriptor
29 * aiocbp - asynchronous I/O control block
30 *
31 * Output parameters:
32 * AIO_CANCELED - if the requested operation(s)
33 * were canceled
34 * AIO_NOTCANCELED - if at least one of the requested
35 * operation(s) cannot be canceled
36 */
37
38
39int aio_cancel(int fildes, struct aiocb *aiocbp)
40{
41 rtems_aio_request_chain *r_chain;
42 int result;
43
44 pthread_mutex_lock (&aio_request_queue.mutex);
45
46 if (aiocbp == NULL((void *)0))
1
Taking false branch
47 {
48 if (fcntl (fildes, F_GETFL3) < 0) {
49 pthread_mutex_unlock(&aio_request_queue.mutex);
50 rtems_set_errno_and_return_minus_one (EBADF)do { (*__errno_location ()) = (9); return -1; } while(0);
51 }
52
53 r_chain = rtems_aio_search_fd (&aio_request_queue.work_req,
54 fildes,
55 0);
56 if (r_chain == NULL((void *)0))
57 {
58 if (!rtems_chain_is_empty (&aio_request_queue.idle_req))
59 {
60 r_chain = rtems_aio_search_fd (&aio_request_queue.idle_req,
61 fildes,
62 0);
63 if (r_chain == NULL((void *)0)) {
64 pthread_mutex_unlock(&aio_request_queue.mutex);
65 return AIO_ALLDONE2;
66 }
67
68 rtems_chain_extract (&r_chain->next_fd);
69 rtems_aio_remove_fd (r_chain);
70 pthread_mutex_destroy (&r_chain->mutex);
71 pthread_cond_destroy (&r_chain->mutex);
72 free (r_chain);
73
74 pthread_mutex_unlock (&aio_request_queue.mutex);
75 return AIO_CANCELED0;
76 }
77
78 pthread_mutex_unlock (&aio_request_queue.mutex);
79 return AIO_ALLDONE2;
80 }
81
82 pthread_mutex_lock (&r_chain->mutex);
83 rtems_chain_extract (&r_chain->next_fd);
84 rtems_aio_remove_fd (r_chain);
85 pthread_mutex_unlock (&r_chain->mutex);
86 pthread_mutex_unlock (&aio_request_queue.mutex);
87 return AIO_CANCELED0;
88 }
89 else
90 {
91 if (aiocbp->aio_fildes != fildes) {
2
Taking false branch
92 pthread_mutex_unlock (&aio_request_queue.mutex);
93 rtems_set_errno_and_return_minus_one (EINVAL)do { (*__errno_location ()) = (22); return -1; } while(0);
94 }
95
96 r_chain = rtems_aio_search_fd (&aio_request_queue.work_req,
97 fildes,
98 0);
99 if (r_chain == NULL((void *)0))
3
Assuming pointer value is null
4
Taking true branch
100 if (!rtems_chain_is_empty (&aio_request_queue.idle_req))
5
Taking false branch
101 {
102 r_chain = rtems_aio_search_fd (&aio_request_queue.idle_req,
103 fildes,
104 0);
105 if (r_chain == NULL((void *)0))
106 {
107 pthread_mutex_unlock (&aio_request_queue.mutex);
108 rtems_set_errno_and_return_minus_one (EINVAL)do { (*__errno_location ()) = (22); return -1; } while(0);
109 }
110
111 result = rtems_aio_remove_req (&r_chain->next_fd, aiocbp);
112 pthread_mutex_unlock (&aio_request_queue.mutex);
113 return result;
114
115 }
116
117 pthread_mutex_lock (&r_chain->mutex);
6
Null pointer passed as an argument to a 'nonnull' parameter
118 result = rtems_aio_remove_req (&r_chain->next_fd, aiocbp);
119 pthread_mutex_unlock (&r_chain->mutex);
120 pthread_mutex_unlock (&aio_request_queue.mutex);
121 return result;
122
123 }
124
125 return AIO_ALLDONE2;
126}