~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/scripts/coccinelle/null/deref_null.cocci

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /scripts/coccinelle/null/deref_null.cocci (Version linux-6.12-rc7) and /scripts/coccinelle/null/deref_null.cocci (Version linux-6.9.12)


  1 // SPDX-License-Identifier: GPL-2.0-only            1 // SPDX-License-Identifier: GPL-2.0-only
  2 ///                                                 2 ///
  3 /// A variable is dereferenced under a NULL te      3 /// A variable is dereferenced under a NULL test.
  4 /// Even though it is known to be NULL.             4 /// Even though it is known to be NULL.
  5 ///                                                 5 ///
  6 // Confidence: Moderate                             6 // Confidence: Moderate
  7 // Copyright: (C) 2010 Nicolas Palix, DIKU.         7 // Copyright: (C) 2010 Nicolas Palix, DIKU.
  8 // Copyright: (C) 2010 Julia Lawall, DIKU.          8 // Copyright: (C) 2010 Julia Lawall, DIKU.
  9 // Copyright: (C) 2010 Gilles Muller, INRIA/Li      9 // Copyright: (C) 2010 Gilles Muller, INRIA/LiP6.
 10 // URL: https://coccinelle.gitlabpages.inria.f     10 // URL: https://coccinelle.gitlabpages.inria.fr/website
 11 // Comments: -I ... -all_includes can give mor     11 // Comments: -I ... -all_includes can give more complete results
 12 // Options:                                        12 // Options:
 13                                                    13 
 14 virtual context                                    14 virtual context
 15 virtual org                                        15 virtual org
 16 virtual report                                     16 virtual report
 17                                                    17 
 18 // The following two rules are separate, becau     18 // The following two rules are separate, because both can match a single
 19 // expression in different ways                    19 // expression in different ways
 20 @pr1 expression@                                   20 @pr1 expression@
 21 expression E;                                      21 expression E;
 22 identifier f;                                      22 identifier f;
 23 position p1;                                       23 position p1;
 24 @@                                                 24 @@
 25                                                    25 
 26  (E != NULL && ...) ? <+...E->f@p1...+> : ...       26  (E != NULL && ...) ? <+...E->f@p1...+> : ...
 27                                                    27 
 28 @pr2 expression@                                   28 @pr2 expression@
 29 expression E;                                      29 expression E;
 30 identifier f;                                      30 identifier f;
 31 position p2;                                       31 position p2;
 32 @@                                                 32 @@
 33                                                    33 
 34 (                                                  34 (
 35   (E != NULL) && ... && <+...E->f@p2...+>           35   (E != NULL) && ... && <+...E->f@p2...+>
 36 |                                                  36 |
 37   (E == NULL) || ... || <+...E->f@p2...+>           37   (E == NULL) || ... || <+...E->f@p2...+>
 38 |                                                  38 |
 39  sizeof(<+...E->f@p2...+>)                          39  sizeof(<+...E->f@p2...+>)
 40 )                                                  40 )
 41                                                    41 
 42 @ifm@                                              42 @ifm@
 43 expression *E;                                     43 expression *E;
 44 statement S1,S2;                                   44 statement S1,S2;
 45 position p1;                                       45 position p1;
 46 @@                                                 46 @@
 47                                                    47 
 48 if@p1 ((E == NULL && ...) || ...) S1 else S2       48 if@p1 ((E == NULL && ...) || ...) S1 else S2
 49                                                    49 
 50 // For org and report modes                        50 // For org and report modes
 51                                                    51 
 52 @r depends on !context && (org || report) exis     52 @r depends on !context && (org || report) exists@
 53 expression subE <= ifm.E;                          53 expression subE <= ifm.E;
 54 expression *ifm.E;                                 54 expression *ifm.E;
 55 expression E1,E2;                                  55 expression E1,E2;
 56 identifier f;                                      56 identifier f;
 57 statement S1,S2,S3,S4;                             57 statement S1,S2,S3,S4;
 58 iterator iter;                                     58 iterator iter;
 59 position p!={pr1.p1,pr2.p2};                       59 position p!={pr1.p1,pr2.p2};
 60 position ifm.p1;                                   60 position ifm.p1;
 61 @@                                                 61 @@
 62                                                    62 
 63 if@p1 ((E == NULL && ...) || ...)                  63 if@p1 ((E == NULL && ...) || ...)
 64 {                                                  64 {
 65   ... when != if (...) S1 else S2                  65   ... when != if (...) S1 else S2
 66 (                                                  66 (
 67  iter(subE,...) S4 // no use                       67  iter(subE,...) S4 // no use
 68 |                                                  68 |
 69  list_remove_head(E2,subE,...)                     69  list_remove_head(E2,subE,...)
 70 |                                                  70 |
 71  subE = E1                                         71  subE = E1
 72 |                                                  72 |
 73  for(subE = E1;...;...) S4                         73  for(subE = E1;...;...) S4
 74 |                                                  74 |
 75  subE++                                            75  subE++
 76 |                                                  76 |
 77  ++subE                                            77  ++subE
 78 |                                                  78 |
 79  --subE                                            79  --subE
 80 |                                                  80 |
 81  subE--                                            81  subE--
 82 |                                                  82 |
 83  &subE                                             83  &subE
 84 |                                                  84 |
 85  E->f@p // bad use                                 85  E->f@p // bad use
 86 )                                                  86 )
 87   ... when any                                     87   ... when any
 88   return ...;                                      88   return ...;
 89 }                                                  89 }
 90 else S3                                            90 else S3
 91                                                    91 
 92 @script:python depends on !context && !org &&      92 @script:python depends on !context && !org && report@
 93 p << r.p;                                          93 p << r.p;
 94 p1 << ifm.p1;                                      94 p1 << ifm.p1;
 95 x << ifm.E;                                        95 x << ifm.E;
 96 @@                                                 96 @@
 97                                                    97 
 98 msg="ERROR: %s is NULL but dereferenced." % (x     98 msg="ERROR: %s is NULL but dereferenced." % (x)
 99 coccilib.report.print_report(p[0], msg)            99 coccilib.report.print_report(p[0], msg)
100 cocci.include_match(False)                        100 cocci.include_match(False)
101                                                   101 
102 @script:python depends on !context && org && !    102 @script:python depends on !context && org && !report@
103 p << r.p;                                         103 p << r.p;
104 p1 << ifm.p1;                                     104 p1 << ifm.p1;
105 x << ifm.E;                                       105 x << ifm.E;
106 @@                                                106 @@
107                                                   107 
108 msg="ERROR: %s is NULL but dereferenced." % (x    108 msg="ERROR: %s is NULL but dereferenced." % (x)
109 msg_safe=msg.replace("[","@(").replace("]",")"    109 msg_safe=msg.replace("[","@(").replace("]",")")
110 cocci.print_main(msg_safe,p)                      110 cocci.print_main(msg_safe,p)
111 cocci.include_match(False)                        111 cocci.include_match(False)
112                                                   112 
113 @s depends on !context && (org || report) exis    113 @s depends on !context && (org || report) exists@
114 expression subE <= ifm.E;                         114 expression subE <= ifm.E;
115 expression *ifm.E;                                115 expression *ifm.E;
116 expression E1,E2;                                 116 expression E1,E2;
117 identifier f;                                     117 identifier f;
118 statement S1,S2,S3,S4;                            118 statement S1,S2,S3,S4;
119 iterator iter;                                    119 iterator iter;
120 position p!={pr1.p1,pr2.p2};                      120 position p!={pr1.p1,pr2.p2};
121 position ifm.p1;                                  121 position ifm.p1;
122 @@                                                122 @@
123                                                   123 
124 if@p1 ((E == NULL && ...) || ...)                 124 if@p1 ((E == NULL && ...) || ...)
125 {                                                 125 {
126   ... when != if (...) S1 else S2                 126   ... when != if (...) S1 else S2
127 (                                                 127 (
128  iter(subE,...) S4 // no use                      128  iter(subE,...) S4 // no use
129 |                                                 129 |
130  list_remove_head(E2,subE,...)                    130  list_remove_head(E2,subE,...)
131 |                                                 131 |
132  subE = E1                                        132  subE = E1
133 |                                                 133 |
134  for(subE = E1;...;...) S4                        134  for(subE = E1;...;...) S4
135 |                                                 135 |
136  subE++                                           136  subE++
137 |                                                 137 |
138  ++subE                                           138  ++subE
139 |                                                 139 |
140  --subE                                           140  --subE
141 |                                                 141 |
142  subE--                                           142  subE--
143 |                                                 143 |
144  &subE                                            144  &subE
145 |                                                 145 |
146  E->f@p // bad use                                146  E->f@p // bad use
147 )                                                 147 )
148   ... when any                                    148   ... when any
149 }                                                 149 }
150 else S3                                           150 else S3
151                                                   151 
152 @script:python depends on !context && !org &&     152 @script:python depends on !context && !org && report@
153 p << s.p;                                         153 p << s.p;
154 p1 << ifm.p1;                                     154 p1 << ifm.p1;
155 x << ifm.E;                                       155 x << ifm.E;
156 @@                                                156 @@
157                                                   157 
158 msg="ERROR: %s is NULL but dereferenced." % (x    158 msg="ERROR: %s is NULL but dereferenced." % (x)
159 coccilib.report.print_report(p[0], msg)           159 coccilib.report.print_report(p[0], msg)
160                                                   160 
161 @script:python depends on !context && org && !    161 @script:python depends on !context && org && !report@
162 p << s.p;                                         162 p << s.p;
163 p1 << ifm.p1;                                     163 p1 << ifm.p1;
164 x << ifm.E;                                       164 x << ifm.E;
165 @@                                                165 @@
166                                                   166 
167 msg="ERROR: %s is NULL but dereferenced." % (x    167 msg="ERROR: %s is NULL but dereferenced." % (x)
168 msg_safe=msg.replace("[","@(").replace("]",")"    168 msg_safe=msg.replace("[","@(").replace("]",")")
169 cocci.print_main(msg_safe,p)                      169 cocci.print_main(msg_safe,p)
170                                                   170 
171 // For context mode                               171 // For context mode
172                                                   172 
173 @depends on context && !org && !report exists@    173 @depends on context && !org && !report exists@
174 expression subE <= ifm.E;                         174 expression subE <= ifm.E;
175 expression *ifm.E;                                175 expression *ifm.E;
176 expression E1,E2;                                 176 expression E1,E2;
177 identifier f;                                     177 identifier f;
178 statement S1,S2,S3,S4;                            178 statement S1,S2,S3,S4;
179 iterator iter;                                    179 iterator iter;
180 position p!={pr1.p1,pr2.p2};                      180 position p!={pr1.p1,pr2.p2};
181 position ifm.p1;                                  181 position ifm.p1;
182 @@                                                182 @@
183                                                   183 
184 if@p1 ((E == NULL && ...) || ...)                 184 if@p1 ((E == NULL && ...) || ...)
185 {                                                 185 {
186   ... when != if (...) S1 else S2                 186   ... when != if (...) S1 else S2
187 (                                                 187 (
188  iter(subE,...) S4 // no use                      188  iter(subE,...) S4 // no use
189 |                                                 189 |
190  list_remove_head(E2,subE,...)                    190  list_remove_head(E2,subE,...)
191 |                                                 191 |
192  subE = E1                                        192  subE = E1
193 |                                                 193 |
194  for(subE = E1;...;...) S4                        194  for(subE = E1;...;...) S4
195 |                                                 195 |
196  subE++                                           196  subE++
197 |                                                 197 |
198  ++subE                                           198  ++subE
199 |                                                 199 |
200  --subE                                           200  --subE
201 |                                                 201 |
202  subE--                                           202  subE--
203 |                                                 203 |
204  &subE                                            204  &subE
205 |                                                 205 |
206 * E->f@p // bad use                               206 * E->f@p // bad use
207 )                                                 207 )
208   ... when any                                    208   ... when any
209   return ...;                                     209   return ...;
210 }                                                 210 }
211 else S3                                           211 else S3
212                                                   212 
213 // The following three rules are duplicates of    213 // The following three rules are duplicates of ifm, pr1 and pr2 respectively.
214 // It is need because the previous rule as alr    214 // It is need because the previous rule as already made a "change".
215                                                   215 
216 @pr11 depends on context && !org && !report ex    216 @pr11 depends on context && !org && !report expression@
217 expression E;                                     217 expression E;
218 identifier f;                                     218 identifier f;
219 position p1;                                      219 position p1;
220 @@                                                220 @@
221                                                   221 
222  (E != NULL && ...) ? <+...E->f@p1...+> : ...      222  (E != NULL && ...) ? <+...E->f@p1...+> : ...
223                                                   223 
224 @pr12 depends on context && !org && !report ex    224 @pr12 depends on context && !org && !report expression@
225 expression E;                                     225 expression E;
226 identifier f;                                     226 identifier f;
227 position p2;                                      227 position p2;
228 @@                                                228 @@
229                                                   229 
230 (                                                 230 (
231   (E != NULL) && ... && <+...E->f@p2...+>          231   (E != NULL) && ... && <+...E->f@p2...+>
232 |                                                 232 |
233   (E == NULL) || ... || <+...E->f@p2...+>          233   (E == NULL) || ... || <+...E->f@p2...+>
234 |                                                 234 |
235  sizeof(<+...E->f@p2...+>)                         235  sizeof(<+...E->f@p2...+>)
236 )                                                 236 )
237                                                   237 
238 @ifm1 depends on context && !org && !report@      238 @ifm1 depends on context && !org && !report@
239 expression *E;                                    239 expression *E;
240 statement S1,S2;                                  240 statement S1,S2;
241 position p1;                                      241 position p1;
242 @@                                                242 @@
243                                                   243 
244 if@p1 ((E == NULL && ...) || ...) S1 else S2      244 if@p1 ((E == NULL && ...) || ...) S1 else S2
245                                                   245 
246 @depends on context && !org && !report exists@    246 @depends on context && !org && !report exists@
247 expression subE <= ifm1.E;                        247 expression subE <= ifm1.E;
248 expression *ifm1.E;                               248 expression *ifm1.E;
249 expression E1,E2;                                 249 expression E1,E2;
250 identifier f;                                     250 identifier f;
251 statement S1,S2,S3,S4;                            251 statement S1,S2,S3,S4;
252 iterator iter;                                    252 iterator iter;
253 position p!={pr11.p1,pr12.p2};                    253 position p!={pr11.p1,pr12.p2};
254 position ifm1.p1;                                 254 position ifm1.p1;
255 @@                                                255 @@
256                                                   256 
257 if@p1 ((E == NULL && ...) || ...)                 257 if@p1 ((E == NULL && ...) || ...)
258 {                                                 258 {
259   ... when != if (...) S1 else S2                 259   ... when != if (...) S1 else S2
260 (                                                 260 (
261  iter(subE,...) S4 // no use                      261  iter(subE,...) S4 // no use
262 |                                                 262 |
263  list_remove_head(E2,subE,...)                    263  list_remove_head(E2,subE,...)
264 |                                                 264 |
265  subE = E1                                        265  subE = E1
266 |                                                 266 |
267  for(subE = E1;...;...) S4                        267  for(subE = E1;...;...) S4
268 |                                                 268 |
269  subE++                                           269  subE++
270 |                                                 270 |
271  ++subE                                           271  ++subE
272 |                                                 272 |
273  --subE                                           273  --subE
274 |                                                 274 |
275  subE--                                           275  subE--
276 |                                                 276 |
277  &subE                                            277  &subE
278 |                                                 278 |
279 * E->f@p // bad use                               279 * E->f@p // bad use
280 )                                                 280 )
281   ... when any                                    281   ... when any
282 }                                                 282 }
283 else S3                                           283 else S3
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php