/Users/scm/git/github/teem/src/air/heap.c

Bug Summary

File:	src/air/heap.c
Location:	line 152, column 3
Description:	Null pointer argument in call to memory copy function

Annotated Source Code

Teem: Tools to process and visualize scientific data and images .

This library is free software; you can redistribute it and/or

modify it under the terms of the GNU Lesser General Public License

(LGPL) as published by the Free Software Foundation; either

version 2.1 of the License, or (at your option) any later version.

The terms of redistributing and/or modifying this software also

include exceptions to the LGPL that facilitate static linking.

This library is distributed in the hope that it will be useful,

but WITHOUT ANY WARRANTY; without even the implied warranty of

MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License

along with this library; if not, write to Free Software Foundation, Inc.,

51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

#include "air.h"

#include <string.h>

/* internal helper routines */

/* restore heap property by pulling a single node up the tree */

static void upheap(airHeap *h, unsigned int i) {

while (i) {

unsigned int parent = (i-1)/2;

if (h->key[h->idx[parent]] > h->key[h->idx[i]]) { /* swap */

unsigned int tmp = h->idx[parent];

h->idx[parent] = h->idx[i];

h->idx[i] = tmp;

h->invidx[h->idx[i]] = i;

h->invidx[h->idx[parent]] = parent;

i = parent;

} else

i = 0; /* break loop */

}

/* restore heap property by pushing a single node down the tree */

static void downheap (airHeap *h, unsigned int i) {

unsigned int len = h->key_a->len;

while (1) {

unsigned int left = 2*i+1;

unsigned int right = 2*i+2;

unsigned int minidx = 0;

double minval = 0;

if (left>=len)

return;

if ((right>=len) ||

(h->key[h->idx[left]] < h->key[h->idx[right]])) {

minidx = left;

minval = h->key[h->idx[left]];

} else {

minidx = right;

minval = h->key[h->idx[right]];

}

if (h->key[h->idx[i]] > minval) { /* swap */

unsigned int tmp = h->idx[i];

h->idx[i] = h->idx[minidx];

h->idx[minidx] = tmp;

h->invidx[h->idx[i]] = i;

h->invidx[h->idx[minidx]] = minidx;

i = minidx;

} else

return;

}

/* Restore heap property "from scratch" (without any prior assumptions).

* Works in a bottom-up manner, which is more efficient than top-down */

static void heapify (airHeap *h) {

unsigned int len = h->key_a->len;

int maxi = len/2-1, i; /* above maxi, downheap has no effect */

for (i=maxi; i>=0; i--) {

downheap(h, i);

}

/* Tries to increase or decrease the length of h. returns 0 upon success. */

static int heapLenIncr (airHeap *h, int delta) {

unsigned int oldlen=h->key_a->len;

unsigned int newlen=oldlen+delta;

if (delta==0)

←

Assuming 'delta' is not equal to 0

→

←

Taking false branch

→

return 0;

airArrayLenIncr(h->key_a, delta);

if (h->data_a!=NULL((void*)0)) airArrayLenIncr(h->data_a, delta);

←

Taking false branch

→

airArrayLenIncr(h->idx_a, delta);

airArrayLenIncr(h->invidx_a, delta);

if (h->key_a->len<newlen || (h->data_a!=NULL((void*)0) && h->data_a->len<newlen) ||

←

Taking false branch

→

h->idx_a->len<newlen || h->invidx_a->len<newlen) {

/* Error. Try to undo changes and return error code. */

if (h->key_a->len>oldlen) airArrayLenSet(h->key_a, oldlen);

if (h->data_a!=NULL((void*)0) && h->data_a->len>oldlen)

airArrayLenSet(h->data_a, oldlen);

if (h->idx_a->len>oldlen) airArrayLenSet(h->idx_a, oldlen);

if (h->invidx_a->len>oldlen) airArrayLenSet(h->invidx_a, oldlen);

100

return 1;

101

}

102

return 0;

103

}

104

105

/* Creates a new heap, returning NULL upon error. If additional data

106

* is to be stored with each node, dataUnit needs to be set to the

107

* number of data bytes needed per element. incr is used for dynamic

108

* memory allocation (an additional number of incr elements are

109

* allocated each time the heap grows past its current capacity).

110

111

airHeap *airHeapNew(size_t dataUnit, unsigned int incr) {

112

airHeap *h;

113

airPtrPtrUnion appu;

114

h = AIR_CALLOC(1, airHeap)(airHeap*)(calloc((1), sizeof(airHeap)));

←

Within the expansion of the macro 'AIR_CALLOC':

→

a	Null pointer value stored to field 'key'

115

if (h==NULL((void*)0)) {

←

Assuming 'h' is not equal to null

→

←

Taking false branch

→

116

return NULL((void*)0);

117

}

118

119

appu.d = &h->key;

120

h->key_a = airArrayNew(appu.v, NULL((void*)0), sizeof(double), incr);

121

if (dataUnit>0) { /* data is optional */

←

Taking false branch

→

122

h->data_a = airArrayNew(&h->data, NULL((void*)0), dataUnit, incr);

123

}

124

appu.ui = &h->idx;

125

h->idx_a = airArrayNew(appu.v, NULL((void*)0), sizeof(unsigned int), incr);

126

appu.ui = &h->invidx;

127

h->invidx_a = airArrayNew(appu.v, NULL((void*)0), sizeof(unsigned int), incr);

128

129

if (h->key_a==NULL((void*)0) || (dataUnit>0 && h->data_a==NULL((void*)0)) || h->idx_a==NULL((void*)0) ||

←

Taking false branch

→

130

h->invidx_a==NULL((void*)0)) { /* allocation failed (partly) */

131

airHeapNix(h);

132

return NULL((void*)0);

133

}

134

return h;

135

}

136

137

/* Same as airHeapNew, but initializes the new heap with the keys from key

138

* and the optional data from data. If data is non-NULL, it needs to

139

* have the same length as key, or this function will fail. The incr

140

* field of the heap is copied from key (rather than data).

141

142

airHeap *airHeapFromArray(const airArray *key, const airArray *data) {

143

airHeap *h;

144

unsigned int i;

145

if (key==NULL((void*)0) || (data!=NULL((void*)0) && data->len!=key->len))

Assuming 'key' is not equal to null

→

←

Assuming 'data' is equal to null

→

146

return NULL((void*)0); /* unusable input */

147

h = airHeapNew((data==NULL((void*)0))?0:data->unit, key->incr);

←

'?' condition is true

Calling 'airHeapNew'

Returning from 'airHeapNew'

→

148

if (heapLenIncr (h, key->len)) { /* could not allocate memory */

←

Calling 'heapLenIncr'

→

←

Returning from 'heapLenIncr'

→

←

Taking false branch

→

149

airHeapNix(h);

150

return NULL((void*)0);

151

}

152

memcpy(h->key, key->data, key->len*sizeof(double))__builtin___memcpy_chk (h->key, key->data, key->len*
sizeof(double), __builtin_object_size (h->key, 0));

←

Within the expansion of the macro 'memcpy':

a	Null pointer argument in call to memory copy function

153

if (h->data_a!=NULL((void*)0)) memcpy(h->data, data->data, data->len*data->unit)__builtin___memcpy_chk (h->data, data->data, data->len
*data->unit, __builtin_object_size (h->data, 0));

154

for (i=0; i<key->len; i++) { /* initialize indices to identity */

155

h->idx[i]=i;

156

h->invidx[i]=i;

157

}

158

heapify(h);

159

return h;

160

}

161

162

/* Frees all memory associated with the heap and its data */

163

airHeap *airHeapNix(airHeap *h) {

164

if (h!=NULL((void*)0)) {

165

airArrayNuke(h->key_a);

166

if (h->data_a!=NULL((void*)0)) airArrayNuke(h->data_a);

167

airArrayNuke(h->idx_a);

168

airArrayNuke(h->invidx_a);

169

free(h);

170

}

171

return NULL((void*)0);

172

}

173

174

/* Returns the number of elements that are currently in heap h

175

* (or 0 if h==NULL) */

176

unsigned int airHeapLength(const airHeap *h) {

177

if (h!=NULL((void*)0)) {

178

return h->key_a->len;

179

} else

180

return 0;

181

}

182

183

/* Inserts a key into the heap. data is copied over (deep copy) when the

184

* heap was initialized to hold additional data. Otherwise, it is ignored.

185

186

* Returns the new number of elements in h.

187

* Upon error, this can be the same as the old length. */

188

unsigned int airHeapInsert(airHeap *h, double key, const void *data) {

189

unsigned int oldlen;

190

if (h==NULL((void*)0)) return 0;

191

oldlen = h->key_a->len;

192

/* make space for the new element */

193

if (heapLenIncr(h, 1))

194

return oldlen;

195

h->key[oldlen]=key;

196

if (h->data_a!=NULL((void*)0) && data!=NULL((void*)0)) {

197

memcpy((char*)h->data_a->data+oldlen*h->data_a->unit, data,__builtin___memcpy_chk ((char*)h->data_a->data+oldlen*h
->data_a->unit, data, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+oldlen*h->data_a->unit, 0
))

198

h->data_a->unit)__builtin___memcpy_chk ((char*)h->data_a->data+oldlen*h
->data_a->unit, data, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+oldlen*h->data_a->unit, 0
));

199

}

200

h->idx[oldlen]=oldlen;

201

h->invidx[oldlen]=oldlen;

202

upheap(h,oldlen); /* restore the heap property */

203

return oldlen+1;

204

}

205

206

/* Merges the second heap into the first. Returns the new length of first,

207

* or zero upon error. */

208

unsigned int airHeapMerge(airHeap *first, const airHeap *second) {

209

unsigned int first_len, second_len, i;

210

if (first==NULL((void*)0) || second==NULL((void*)0))

211

return 0;

212

if ((first->data_a==NULL((void*)0)) ^ (second->data_a==NULL((void*)0)))

213

return 0; /* incompatible data */

214

if (first->data_a!=NULL((void*)0) &&

215

(first->data_a->unit!=second->data_a->unit))

216

return 0; /* incompatible data */

217

/* make sufficient space in first */

218

first_len = first->key_a->len;

219

second_len = second->key_a->len;

220

if (heapLenIncr(first, second_len))

221

return 0;

222

/* concatenate and heapify */

223

memcpy(first->key+first_len, second->key, second_len*sizeof(double))__builtin___memcpy_chk (first->key+first_len, second->key
, second_len*sizeof(double), __builtin_object_size (first->
key+first_len, 0));

224

if (first->data_a!=NULL((void*)0))

225

memcpy((char*)first->data_a->data+first_len*first->data_a->unit,__builtin___memcpy_chk ((char*)first->data_a->data+first_len
*first->data_a->unit, second->data_a->data, second_len
*second->data_a->unit, __builtin_object_size ((char*)first
->data_a->data+first_len*first->data_a->unit, 0))

226

second->data_a->data,second_len*second->data_a->unit)__builtin___memcpy_chk ((char*)first->data_a->data+first_len
*first->data_a->unit, second->data_a->data, second_len
*second->data_a->unit, __builtin_object_size ((char*)first
->data_a->data+first_len*first->data_a->unit, 0));

227

for (i=0; i<second_len; i++) {

228

first->idx[first_len+i] = first_len+second->idx[i];

229

first->invidx[first->idx[first_len+i]]=first_len+i;

230

}

231

heapify(first);

232

return first_len+second_len;

233

}

234

235

/* Returns the key of the front element in the heap and optionally copies the

236

* associated data to *data. Does not modify the heap. */

237

double airHeapFrontPeek(const airHeap *h, void *data) {

238

if (h==NULL((void*)0) || h->key_a->len==0)

239

return 0.0;

240

if (data!=NULL((void*)0) && h->data_a!=NULL((void*)0))

241

memcpy(data, (char*)h->data_a->data+h->idx[0]*h->data_a->unit,__builtin___memcpy_chk (data, (char*)h->data_a->data+h->
idx[0]*h->data_a->unit, h->data_a->unit, __builtin_object_size
(data, 0))

242

h->data_a->unit)__builtin___memcpy_chk (data, (char*)h->data_a->data+h->
idx[0]*h->data_a->unit, h->data_a->unit, __builtin_object_size
(data, 0));

243

return h->key[h->idx[0]];

244

}

245

246

/* Same as airHeapFrontPeek, but additionally removes the front element. */

247

double airHeapFrontPop(airHeap *h, void *data) {

248

double retval = airHeapFrontPeek(h, data);

249

if (h!=NULL((void*)0) && h->key_a->len>0) {

250

airHeapRemove(h, h->idx[0]);

251

}

252

return retval;

253

}

254

255

/* Assigns a new key (and optionally, new data) to the front element and

256

* re-sorts the heap if necessary. */

257

int airHeapFrontUpdate(airHeap *h, double newKey, const void *newData) {

258

if (h==NULL((void*)0) || h->key_a->len==0)

259

return 1;

260

if (newData!=NULL((void*)0) && h->data_a!=NULL((void*)0))

261

memcpy((char*)h->data_a->data+h->idx[0]*h->data_a->unit, newData,__builtin___memcpy_chk ((char*)h->data_a->data+h->idx
[0]*h->data_a->unit, newData, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+h->idx[0]*h->data_a->
unit, 0))

262

h->data_a->unit)__builtin___memcpy_chk ((char*)h->data_a->data+h->idx
[0]*h->data_a->unit, newData, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+h->idx[0]*h->data_a->
unit, 0));

263

h->key[h->idx[0]]=newKey;

264

downheap(h, 0);

265

return 0;

266

}

267

268

/* The following functions provide advanced functionality and should

269

* not be required in most applications. */

270

271

/* airHeapFind returns 0 if an element is found whose data is bitwise

272

* equal to the given data, and sets *ai to the index of this

273

* element. If more than one element matches the data, an arbitrary

274

* one of them is returned. The index can be used with airHeapRemove

275

* or airHeapUpdate, but will become invalid as soon as any element is

276

* removed from the heap. */

277

int airHeapFind(const airHeap *h, unsigned int *ai, const void *data) {

278

unsigned int i;

279

if (h==NULL((void*)0) || ai==NULL((void*)0) || data==NULL((void*)0) || h->data_a==NULL((void*)0))

280

return 1;

281

for (i=0; i<h->key_a->len; i++) {

282

if (!memcmp((char*)h->data_a->data+i*h->data_a->unit, data,

283

h->data_a->unit)) {

284

*ai = i;

285

return 0;

286

}

287

}

288

return 1;

289

}

290

291

/* Removes element ai from the heap, returns 0 upon success. */

292

int airHeapRemove(airHeap *h, unsigned int ai) {

293

unsigned int old_invidx_ai;

294

if (h==NULL((void*)0) || h->key_a->len<=ai)

295

return 1;

296

/* in the tree, replace ai with last element */

297

old_invidx_ai=h->invidx[ai];

298

h->idx[h->invidx[ai]]=h->idx[h->key_a->len-1];

299

h->invidx[h->idx[h->key_a->len-1]]=h->invidx[ai];

300

/* remove ai - copy last element over, then drop it */

301

if (ai!=h->key_a->len-1) {

302

h->key[ai]=h->key[h->key_a->len-1];

303

if (h->data_a!=NULL((void*)0)) {

304

memcpy((char*)h->data_a->data+ai*h->data_a->unit,__builtin___memcpy_chk ((char*)h->data_a->data+ai*h->
data_a->unit, (char*)h->data_a->data+(h->key_a->
len-1)*h->data_a->unit, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+ai*h->data_a->unit, 0))

305

(char*)h->data_a->data+(h->key_a->len-1)*h->data_a->unit,__builtin___memcpy_chk ((char*)h->data_a->data+ai*h->
data_a->unit, (char*)h->data_a->data+(h->key_a->
len-1)*h->data_a->unit, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+ai*h->data_a->unit, 0))

306

h->data_a->unit)__builtin___memcpy_chk ((char*)h->data_a->data+ai*h->
data_a->unit, (char*)h->data_a->data+(h->key_a->
len-1)*h->data_a->unit, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+ai*h->data_a->unit, 0));

307

}

308

h->idx[h->invidx[h->key_a->len-1]]=ai;

309

h->invidx[ai]=h->invidx[h->key_a->len-1];

310

}

311

heapLenIncr(h, -1);

312

/* push moved element downheap */

313

if (old_invidx_ai<h->key_a->len)

314

downheap(h, old_invidx_ai);

315

return 0;

316

}

317

318

/* Changes the key (and optional data) of the element ai, re-sorting

319

* the heap if necessary. Returns 0 upon success. */

320

int airHeapUpdate(airHeap *h, unsigned int ai, double newKey,

321

const void *newData) {

322

double oldkey;

323

if (h==NULL((void*)0) || h->key_a->len<=ai)

324

return 1;

325

oldkey = h->key[ai];

326

/* replace key and data */

327

h->key[ai] = newKey;

328

if (h->data_a!=NULL((void*)0) && newData!=NULL((void*)0)) {

329

memcpy((char*)h->data_a->data+ai*h->data_a->unit,__builtin___memcpy_chk ((char*)h->data_a->data+ai*h->
data_a->unit, newData, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+ai*h->data_a->unit, 0))

330

newData, h->data_a->unit)__builtin___memcpy_chk ((char*)h->data_a->data+ai*h->
data_a->unit, newData, h->data_a->unit, __builtin_object_size
((char*)h->data_a->data+ai*h->data_a->unit, 0));

331

}

332

if (oldkey<newKey) downheap(h, h->invidx[ai]);

333

else upheap(h, h->invidx[ai]);

334

return 0;

335

}