~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/scripts/coccinelle/null/deref_null.cocci

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~ 
  1 // SPDX-License-Identifier: GPL-2.0-only
  2 ///
  3 /// A variable is dereferenced under a NULL test.
  4 /// Even though it is known to be NULL.
  5 ///
  6 // Confidence: Moderate
  7 // Copyright: (C) 2010 Nicolas Palix, DIKU.
  8 // Copyright: (C) 2010 Julia Lawall, DIKU.
  9 // Copyright: (C) 2010 Gilles Muller, INRIA/LiP6.
 10 // URL: https://coccinelle.gitlabpages.inria.fr/website
 11 // Comments: -I ... -all_includes can give more complete results
 12 // Options:
 13 
 14 virtual context
 15 virtual org
 16 virtual report
 17 
 18 // The following two rules are separate, because both can match a single
 19 // expression in different ways
 20 @pr1 expression@
 21 expression E;
 22 identifier f;
 23 position p1;
 24 @@
 25 
 26  (E != NULL && ...) ? <+...E->f@p1...+> : ...
 27 
 28 @pr2 expression@
 29 expression E;
 30 identifier f;
 31 position p2;
 32 @@
 33 
 34 (
 35   (E != NULL) && ... && <+...E->f@p2...+>
 36 |
 37   (E == NULL) || ... || <+...E->f@p2...+>
 38 |
 39  sizeof(<+...E->f@p2...+>)
 40 )
 41 
 42 @ifm@
 43 expression *E;
 44 statement S1,S2;
 45 position p1;
 46 @@
 47 
 48 if@p1 ((E == NULL && ...) || ...) S1 else S2
 49 
 50 // For org and report modes
 51 
 52 @r depends on !context && (org || report) exists@
 53 expression subE <= ifm.E;
 54 expression *ifm.E;
 55 expression E1,E2;
 56 identifier f;
 57 statement S1,S2,S3,S4;
 58 iterator iter;
 59 position p!={pr1.p1,pr2.p2};
 60 position ifm.p1;
 61 @@
 62 
 63 if@p1 ((E == NULL && ...) || ...)
 64 {
 65   ... when != if (...) S1 else S2
 66 (
 67  iter(subE,...) S4 // no use
 68 |
 69  list_remove_head(E2,subE,...)
 70 |
 71  subE = E1
 72 |
 73  for(subE = E1;...;...) S4
 74 |
 75  subE++
 76 |
 77  ++subE
 78 |
 79  --subE
 80 |
 81  subE--
 82 |
 83  &subE
 84 |
 85  E->f@p // bad use
 86 )
 87   ... when any
 88   return ...;
 89 }
 90 else S3
 91 
 92 @script:python depends on !context && !org && report@
 93 p << r.p;
 94 p1 << ifm.p1;
 95 x << ifm.E;
 96 @@
 97 
 98 msg="ERROR: %s is NULL but dereferenced." % (x)
 99 coccilib.report.print_report(p[0], msg)
100 cocci.include_match(False)
101 
102 @script:python depends on !context && org && !report@
103 p << r.p;
104 p1 << ifm.p1;
105 x << ifm.E;
106 @@
107 
108 msg="ERROR: %s is NULL but dereferenced." % (x)
109 msg_safe=msg.replace("[","@(").replace("]",")")
110 cocci.print_main(msg_safe,p)
111 cocci.include_match(False)
112 
113 @s depends on !context && (org || report) exists@
114 expression subE <= ifm.E;
115 expression *ifm.E;
116 expression E1,E2;
117 identifier f;
118 statement S1,S2,S3,S4;
119 iterator iter;
120 position p!={pr1.p1,pr2.p2};
121 position ifm.p1;
122 @@
123 
124 if@p1 ((E == NULL && ...) || ...)
125 {
126   ... when != if (...) S1 else S2
127 (
128  iter(subE,...) S4 // no use
129 |
130  list_remove_head(E2,subE,...)
131 |
132  subE = E1
133 |
134  for(subE = E1;...;...) S4
135 |
136  subE++
137 |
138  ++subE
139 |
140  --subE
141 |
142  subE--
143 |
144  &subE
145 |
146  E->f@p // bad use
147 )
148   ... when any
149 }
150 else S3
151 
152 @script:python depends on !context && !org && report@
153 p << s.p;
154 p1 << ifm.p1;
155 x << ifm.E;
156 @@
157 
158 msg="ERROR: %s is NULL but dereferenced." % (x)
159 coccilib.report.print_report(p[0], msg)
160 
161 @script:python depends on !context && org && !report@
162 p << s.p;
163 p1 << ifm.p1;
164 x << ifm.E;
165 @@
166 
167 msg="ERROR: %s is NULL but dereferenced." % (x)
168 msg_safe=msg.replace("[","@(").replace("]",")")
169 cocci.print_main(msg_safe,p)
170 
171 // For context mode
172 
173 @depends on context && !org && !report exists@
174 expression subE <= ifm.E;
175 expression *ifm.E;
176 expression E1,E2;
177 identifier f;
178 statement S1,S2,S3,S4;
179 iterator iter;
180 position p!={pr1.p1,pr2.p2};
181 position ifm.p1;
182 @@
183 
184 if@p1 ((E == NULL && ...) || ...)
185 {
186   ... when != if (...) S1 else S2
187 (
188  iter(subE,...) S4 // no use
189 |
190  list_remove_head(E2,subE,...)
191 |
192  subE = E1
193 |
194  for(subE = E1;...;...) S4
195 |
196  subE++
197 |
198  ++subE
199 |
200  --subE
201 |
202  subE--
203 |
204  &subE
205 |
206 * E->f@p // bad use
207 )
208   ... when any
209   return ...;
210 }
211 else S3
212 
213 // The following three rules are duplicates of ifm, pr1 and pr2 respectively.
214 // It is need because the previous rule as already made a "change".
215 
216 @pr11 depends on context && !org && !report expression@
217 expression E;
218 identifier f;
219 position p1;
220 @@
221 
222  (E != NULL && ...) ? <+...E->f@p1...+> : ...
223 
224 @pr12 depends on context && !org && !report expression@
225 expression E;
226 identifier f;
227 position p2;
228 @@
229 
230 (
231   (E != NULL) && ... && <+...E->f@p2...+>
232 |
233   (E == NULL) || ... || <+...E->f@p2...+>
234 |
235  sizeof(<+...E->f@p2...+>)
236 )
237 
238 @ifm1 depends on context && !org && !report@
239 expression *E;
240 statement S1,S2;
241 position p1;
242 @@
243 
244 if@p1 ((E == NULL && ...) || ...) S1 else S2
245 
246 @depends on context && !org && !report exists@
247 expression subE <= ifm1.E;
248 expression *ifm1.E;
249 expression E1,E2;
250 identifier f;
251 statement S1,S2,S3,S4;
252 iterator iter;
253 position p!={pr11.p1,pr12.p2};
254 position ifm1.p1;
255 @@
256 
257 if@p1 ((E == NULL && ...) || ...)
258 {
259   ... when != if (...) S1 else S2
260 (
261  iter(subE,...) S4 // no use
262 |
263  list_remove_head(E2,subE,...)
264 |
265  subE = E1
266 |
267  for(subE = E1;...;...) S4
268 |
269  subE++
270 |
271  ++subE
272 |
273  --subE
274 |
275  subE--
276 |
277  &subE
278 |
279 * E->f@p // bad use
280 )
281   ... when any
282 }
283 else S3
~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~
kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php