Linux Audio

Check our new training course

Open Menu / scripts / coccinelle / null / deref_null.cocci
Loading...
v4.17
 
  1///
  2/// A variable is dereferenced under a NULL test.
  3/// Even though it is known to be NULL.
  4///
  5// Confidence: Moderate
  6// Copyright: (C) 2010 Nicolas Palix, DIKU.  GPLv2.
  7// Copyright: (C) 2010 Julia Lawall, DIKU.  GPLv2.
  8// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6.  GPLv2.
  9// URL: http://coccinelle.lip6.fr/
 10// Comments: -I ... -all_includes can give more complete results
 11// Options:
 12
 13virtual context
 14virtual org
 15virtual report
 16
 17@ifm@
 18expression *E;
 19statement S1,S2;
 20position p1;
 21@@
 22
 23if@p1 ((E == NULL && ...) || ...) S1 else S2
 24
 25// The following two rules are separate, because both can match a single
 26// expression in different ways
 27@pr1 expression@
 28expression *ifm.E;
 29identifier f;
 30position p1;
 31@@
 32
 33 (E != NULL && ...) ? <+...E->f@p1...+> : ...
 34
 35@pr2 expression@
 36expression *ifm.E;
 37identifier f;
 38position p2;
 39@@
 40
 41(
 42  (E != NULL) && ... && <+...E->f@p2...+>
 43|
 44  (E == NULL) || ... || <+...E->f@p2...+>
 45|
 46 sizeof(<+...E->f@p2...+>)
 47)
 48
 
 
 
 
 
 
 
 
 49// For org and report modes
 50
 51@r depends on !context && (org || report) exists@
 52expression subE <= ifm.E;
 53expression *ifm.E;
 54expression E1,E2;
 55identifier f;
 56statement S1,S2,S3,S4;
 57iterator iter;
 58position p!={pr1.p1,pr2.p2};
 59position ifm.p1;
 60@@
 61
 62if@p1 ((E == NULL && ...) || ...)
 63{
 64  ... when != if (...) S1 else S2
 65(
 66 iter(subE,...) S4 // no use
 67|
 68 list_remove_head(E2,subE,...)
 69|
 70 subE = E1
 71|
 72 for(subE = E1;...;...) S4
 73|
 74 subE++
 75|
 76 ++subE
 77|
 78 --subE
 79|
 80 subE--
 81|
 82 &subE
 83|
 84 E->f@p // bad use
 85)
 86  ... when any
 87  return ...;
 88}
 89else S3
 90
 91@script:python depends on !context && !org && report@
 92p << r.p;
 93p1 << ifm.p1;
 94x << ifm.E;
 95@@
 96
 97msg="ERROR: %s is NULL but dereferenced." % (x)
 98coccilib.report.print_report(p[0], msg)
 99cocci.include_match(False)
100
101@script:python depends on !context && org && !report@
102p << r.p;
103p1 << ifm.p1;
104x << ifm.E;
105@@
106
107msg="ERROR: %s is NULL but dereferenced." % (x)
108msg_safe=msg.replace("[","@(").replace("]",")")
109cocci.print_main(msg_safe,p)
110cocci.include_match(False)
111
112@s depends on !context && (org || report) exists@
113expression subE <= ifm.E;
114expression *ifm.E;
115expression E1,E2;
116identifier f;
117statement S1,S2,S3,S4;
118iterator iter;
119position p!={pr1.p1,pr2.p2};
120position ifm.p1;
121@@
122
123if@p1 ((E == NULL && ...) || ...)
124{
125  ... when != if (...) S1 else S2
126(
127 iter(subE,...) S4 // no use
128|
129 list_remove_head(E2,subE,...)
130|
131 subE = E1
132|
133 for(subE = E1;...;...) S4
134|
135 subE++
136|
137 ++subE
138|
139 --subE
140|
141 subE--
142|
143 &subE
144|
145 E->f@p // bad use
146)
147  ... when any
148}
149else S3
150
151@script:python depends on !context && !org && report@
152p << s.p;
153p1 << ifm.p1;
154x << ifm.E;
155@@
156
157msg="ERROR: %s is NULL but dereferenced." % (x)
158coccilib.report.print_report(p[0], msg)
159
160@script:python depends on !context && org && !report@
161p << s.p;
162p1 << ifm.p1;
163x << ifm.E;
164@@
165
166msg="ERROR: %s is NULL but dereferenced." % (x)
167msg_safe=msg.replace("[","@(").replace("]",")")
168cocci.print_main(msg_safe,p)
169
170// For context mode
171
172@depends on context && !org && !report exists@
173expression subE <= ifm.E;
174expression *ifm.E;
175expression E1,E2;
176identifier f;
177statement S1,S2,S3,S4;
178iterator iter;
179position p!={pr1.p1,pr2.p2};
180position ifm.p1;
181@@
182
183if@p1 ((E == NULL && ...) || ...)
184{
185  ... when != if (...) S1 else S2
186(
187 iter(subE,...) S4 // no use
188|
189 list_remove_head(E2,subE,...)
190|
191 subE = E1
192|
193 for(subE = E1;...;...) S4
194|
195 subE++
196|
197 ++subE
198|
199 --subE
200|
201 subE--
202|
203 &subE
204|
205* E->f@p // bad use
206)
207  ... when any
208  return ...;
209}
210else S3
211
212// The following three rules are duplicates of ifm, pr1 and pr2 respectively.
213// It is need because the previous rule as already made a "change".
214
215@ifm1 depends on context && !org && !report@
216expression *E;
217statement S1,S2;
218position p1;
219@@
220
221if@p1 ((E == NULL && ...) || ...) S1 else S2
222
223@pr11 depends on context && !org && !report expression@
224expression *ifm1.E;
225identifier f;
226position p1;
227@@
228
229 (E != NULL && ...) ? <+...E->f@p1...+> : ...
230
231@pr12 depends on context && !org && !report expression@
232expression *ifm1.E;
233identifier f;
234position p2;
235@@
236
237(
238  (E != NULL) && ... && <+...E->f@p2...+>
239|
240  (E == NULL) || ... || <+...E->f@p2...+>
241|
242 sizeof(<+...E->f@p2...+>)
243)
 
 
 
 
 
 
 
 
244
245@depends on context && !org && !report exists@
246expression subE <= ifm1.E;
247expression *ifm1.E;
248expression E1,E2;
249identifier f;
250statement S1,S2,S3,S4;
251iterator iter;
252position p!={pr11.p1,pr12.p2};
253position ifm1.p1;
254@@
255
256if@p1 ((E == NULL && ...) || ...)
257{
258  ... when != if (...) S1 else S2
259(
260 iter(subE,...) S4 // no use
261|
262 list_remove_head(E2,subE,...)
263|
264 subE = E1
265|
266 for(subE = E1;...;...) S4
267|
268 subE++
269|
270 ++subE
271|
272 --subE
273|
274 subE--
275|
276 &subE
277|
278* E->f@p // bad use
279)
280  ... when any
281}
282else S3
v5.9
  1// SPDX-License-Identifier: GPL-2.0-only
  2///
  3/// A variable is dereferenced under a NULL test.
  4/// Even though it is known to be NULL.
  5///
  6// Confidence: Moderate
  7// Copyright: (C) 2010 Nicolas Palix, DIKU.
  8// Copyright: (C) 2010 Julia Lawall, DIKU.
  9// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6.
 10// URL: http://coccinelle.lip6.fr/
 11// Comments: -I ... -all_includes can give more complete results
 12// Options:
 13
 14virtual context
 15virtual org
 16virtual report
 17
 
 
 
 
 
 
 
 
 18// The following two rules are separate, because both can match a single
 19// expression in different ways
 20@pr1 expression@
 21expression E;
 22identifier f;
 23position p1;
 24@@
 25
 26 (E != NULL && ...) ? <+...E->f@p1...+> : ...
 27
 28@pr2 expression@
 29expression E;
 30identifier f;
 31position p2;
 32@@
 33
 34(
 35  (E != NULL) && ... && <+...E->f@p2...+>
 36|
 37  (E == NULL) || ... || <+...E->f@p2...+>
 38|
 39 sizeof(<+...E->f@p2...+>)
 40)
 41
 42@ifm@
 43expression *E;
 44statement S1,S2;
 45position p1;
 46@@
 47
 48if@p1 ((E == NULL && ...) || ...) S1 else S2
 49
 50// For org and report modes
 51
 52@r depends on !context && (org || report) exists@
 53expression subE <= ifm.E;
 54expression *ifm.E;
 55expression E1,E2;
 56identifier f;
 57statement S1,S2,S3,S4;
 58iterator iter;
 59position p!={pr1.p1,pr2.p2};
 60position ifm.p1;
 61@@
 62
 63if@p1 ((E == NULL && ...) || ...)
 64{
 65  ... when != if (...) S1 else S2
 66(
 67 iter(subE,...) S4 // no use
 68|
 69 list_remove_head(E2,subE,...)
 70|
 71 subE = E1
 72|
 73 for(subE = E1;...;...) S4
 74|
 75 subE++
 76|
 77 ++subE
 78|
 79 --subE
 80|
 81 subE--
 82|
 83 &subE
 84|
 85 E->f@p // bad use
 86)
 87  ... when any
 88  return ...;
 89}
 90else S3
 91
 92@script:python depends on !context && !org && report@
 93p << r.p;
 94p1 << ifm.p1;
 95x << ifm.E;
 96@@
 97
 98msg="ERROR: %s is NULL but dereferenced." % (x)
 99coccilib.report.print_report(p[0], msg)
100cocci.include_match(False)
101
102@script:python depends on !context && org && !report@
103p << r.p;
104p1 << ifm.p1;
105x << ifm.E;
106@@
107
108msg="ERROR: %s is NULL but dereferenced." % (x)
109msg_safe=msg.replace("[","@(").replace("]",")")
110cocci.print_main(msg_safe,p)
111cocci.include_match(False)
112
113@s depends on !context && (org || report) exists@
114expression subE <= ifm.E;
115expression *ifm.E;
116expression E1,E2;
117identifier f;
118statement S1,S2,S3,S4;
119iterator iter;
120position p!={pr1.p1,pr2.p2};
121position ifm.p1;
122@@
123
124if@p1 ((E == NULL && ...) || ...)
125{
126  ... when != if (...) S1 else S2
127(
128 iter(subE,...) S4 // no use
129|
130 list_remove_head(E2,subE,...)
131|
132 subE = E1
133|
134 for(subE = E1;...;...) S4
135|
136 subE++
137|
138 ++subE
139|
140 --subE
141|
142 subE--
143|
144 &subE
145|
146 E->f@p // bad use
147)
148  ... when any
149}
150else S3
151
152@script:python depends on !context && !org && report@
153p << s.p;
154p1 << ifm.p1;
155x << ifm.E;
156@@
157
158msg="ERROR: %s is NULL but dereferenced." % (x)
159coccilib.report.print_report(p[0], msg)
160
161@script:python depends on !context && org && !report@
162p << s.p;
163p1 << ifm.p1;
164x << ifm.E;
165@@
166
167msg="ERROR: %s is NULL but dereferenced." % (x)
168msg_safe=msg.replace("[","@(").replace("]",")")
169cocci.print_main(msg_safe,p)
170
171// For context mode
172
173@depends on context && !org && !report exists@
174expression subE <= ifm.E;
175expression *ifm.E;
176expression E1,E2;
177identifier f;
178statement S1,S2,S3,S4;
179iterator iter;
180position p!={pr1.p1,pr2.p2};
181position ifm.p1;
182@@
183
184if@p1 ((E == NULL && ...) || ...)
185{
186  ... when != if (...) S1 else S2
187(
188 iter(subE,...) S4 // no use
189|
190 list_remove_head(E2,subE,...)
191|
192 subE = E1
193|
194 for(subE = E1;...;...) S4
195|
196 subE++
197|
198 ++subE
199|
200 --subE
201|
202 subE--
203|
204 &subE
205|
206* E->f@p // bad use
207)
208  ... when any
209  return ...;
210}
211else S3
212
213// The following three rules are duplicates of ifm, pr1 and pr2 respectively.
214// It is need because the previous rule as already made a "change".
215
 
 
 
 
 
 
 
 
216@pr11 depends on context && !org && !report expression@
217expression E;
218identifier f;
219position p1;
220@@
221
222 (E != NULL && ...) ? <+...E->f@p1...+> : ...
223
224@pr12 depends on context && !org && !report expression@
225expression E;
226identifier f;
227position p2;
228@@
229
230(
231  (E != NULL) && ... && <+...E->f@p2...+>
232|
233  (E == NULL) || ... || <+...E->f@p2...+>
234|
235 sizeof(<+...E->f@p2...+>)
236)
237
238@ifm1 depends on context && !org && !report@
239expression *E;
240statement S1,S2;
241position p1;
242@@
243
244if@p1 ((E == NULL && ...) || ...) S1 else S2
245
246@depends on context && !org && !report exists@
247expression subE <= ifm1.E;
248expression *ifm1.E;
249expression E1,E2;
250identifier f;
251statement S1,S2,S3,S4;
252iterator iter;
253position p!={pr11.p1,pr12.p2};
254position ifm1.p1;
255@@
256
257if@p1 ((E == NULL && ...) || ...)
258{
259  ... when != if (...) S1 else S2
260(
261 iter(subE,...) S4 // no use
262|
263 list_remove_head(E2,subE,...)
264|
265 subE = E1
266|
267 for(subE = E1;...;...) S4
268|
269 subE++
270|
271 ++subE
272|
273 --subE
274|
275 subE--
276|
277 &subE
278|
279* E->f@p // bad use
280)
281  ... when any
282}
283else S3