Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / a254a9da455c171441ab3a76ed8f5d1e9412e15f / . / scripts / coccinelle / null / deref_null.cocci
blob: 98f1e7faf503137204f6e567e079c3a455a571ff [file] [log] [blame]
Thomas Gleixner7f904d72019-06-04 10:11:38 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0-only
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]2///
Julia Lawall7c2aa612015-10-17 11:35:46 +0200[diff] [blame]3/// A variable is dereferenced under a NULL test.
4/// Even though it is known to be NULL.
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]5///
6// Confidence: Moderate
Thomas Gleixner7f904d72019-06-04 10:11:38 +0200[diff] [blame]7// Copyright: (C) 2010 Nicolas Palix, DIKU.
8// Copyright: (C) 2010 Julia Lawall, DIKU.
9// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6.
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]10// URL: http://coccinelle.lip6.fr/
11// Comments: -I ... -all_includes can give more complete results
12// Options:
13
14virtual context
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]15virtual org
16virtual report
17
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]18// The following two rules are separate, because both can match a single
19// expression in different ways
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]20@pr1 expression@
Julia Lawall21195f82018-05-21 08:58:59 +0200[diff] [blame]21expression E;
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]22identifier f;
23position p1;
24@@
25
26 (E != NULL && ...) ? <+...E->f@p1...+> : ...
27
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]28@pr2 expression@
Julia Lawall21195f82018-05-21 08:58:59 +0200[diff] [blame]29expression E;
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]30identifier f;
31position p2;
32@@
33
34(
35 (E != NULL) && ... && <+...E->f@p2...+>
36|
37 (E == NULL) || ... || <+...E->f@p2...+>
38|
39 sizeof(<+...E->f@p2...+>)
40)
41
Julia Lawall21195f82018-05-21 08:58:59 +0200[diff] [blame]42@ifm@
43expression *E;
44statement S1,S2;
45position p1;
46@@
47
48if@p1 ((E == NULL && ...) || ...) S1 else S2
49
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]50// For org and report modes
51
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]52@r depends on !context && (org || report) exists@
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]53expression subE <= ifm.E;
54expression *ifm.E;
55expression E1,E2;
56identifier f;
57statement S1,S2,S3,S4;
58iterator iter;
59position p!={pr1.p1,pr2.p2};
60position ifm.p1;
61@@
62
63if@p1 ((E == NULL && ...) || ...)
64{
65 ... when != if (...) S1 else S2
66(
67 iter(subE,...) S4 // no use
68|
69 list_remove_head(E2,subE,...)
70|
71 subE = E1
72|
73 for(subE = E1;...;...) S4
74|
75 subE++
76|
77 ++subE
78|
79 --subE
80|
81 subE--
82|
83 &subE
84|
85 E->f@p // bad use
86)
87 ... when any
88 return ...;
89}
90else S3
91
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]92@script:python depends on !context && !org && report@
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]93p << r.p;
94p1 << ifm.p1;
95x << ifm.E;
96@@
97
98msg="ERROR: %s is NULL but dereferenced." % (x)
99coccilib.report.print_report(p[0], msg)
100cocci.include_match(False)
101
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]102@script:python depends on !context && org && !report@
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]103p << r.p;
104p1 << ifm.p1;
105x << ifm.E;
106@@
107
108msg="ERROR: %s is NULL but dereferenced." % (x)
109msg_safe=msg.replace("[","@(").replace("]",")")
110cocci.print_main(msg_safe,p)
111cocci.include_match(False)
112
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]113@s depends on !context && (org || report) exists@
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]114expression subE <= ifm.E;
115expression *ifm.E;
116expression E1,E2;
117identifier f;
118statement S1,S2,S3,S4;
119iterator iter;
120position p!={pr1.p1,pr2.p2};
121position ifm.p1;
122@@
123
124if@p1 ((E == NULL && ...) || ...)
125{
126 ... when != if (...) S1 else S2
127(
128 iter(subE,...) S4 // no use
129|
130 list_remove_head(E2,subE,...)
131|
132 subE = E1
133|
134 for(subE = E1;...;...) S4
135|
136 subE++
137|
138 ++subE
139|
140 --subE
141|
142 subE--
143|
144 &subE
145|
146 E->f@p // bad use
147)
148 ... when any
149}
150else S3
151
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]152@script:python depends on !context && !org && report@
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]153p << s.p;
154p1 << ifm.p1;
155x << ifm.E;
156@@
157
158msg="ERROR: %s is NULL but dereferenced." % (x)
159coccilib.report.print_report(p[0], msg)
160
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]161@script:python depends on !context && org && !report@
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]162p << s.p;
163p1 << ifm.p1;
164x << ifm.E;
165@@
166
167msg="ERROR: %s is NULL but dereferenced." % (x)
168msg_safe=msg.replace("[","@(").replace("]",")")
169cocci.print_main(msg_safe,p)
170
171// For context mode
172
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]173@depends on context && !org && !report exists@
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]174expression subE <= ifm.E;
175expression *ifm.E;
176expression E1,E2;
177identifier f;
178statement S1,S2,S3,S4;
179iterator iter;
180position p!={pr1.p1,pr2.p2};
181position ifm.p1;
182@@
183
184if@p1 ((E == NULL && ...) || ...)
185{
186 ... when != if (...) S1 else S2
187(
188 iter(subE,...) S4 // no use
189|
190 list_remove_head(E2,subE,...)
191|
192 subE = E1
193|
194 for(subE = E1;...;...) S4
195|
196 subE++
197|
198 ++subE
199|
200 --subE
201|
202 subE--
203|
204 &subE
205|
206* E->f@p // bad use
207)
208 ... when any
209 return ...;
210}
211else S3
212
213// The following three rules are duplicates of ifm, pr1 and pr2 respectively.
214// It is need because the previous rule as already made a "change".
215
Julia Lawalla2b0fe72018-02-03 08:44:58 +0100[diff] [blame]216@pr11 depends on context && !org && !report expression@
Julia Lawall21195f82018-05-21 08:58:59 +0200[diff] [blame]217expression E;
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]218identifier f;
219position p1;
220@@
221
222 (E != NULL && ...) ? <+...E->f@p1...+> : ...
223
Julia Lawalla2b0fe72018-02-03 08:44:58 +0100[diff] [blame]224@pr12 depends on context && !org && !report expression@
Julia Lawall21195f82018-05-21 08:58:59 +0200[diff] [blame]225expression E;
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]226identifier f;
227position p2;
228@@
229
230(
231 (E != NULL) && ... && <+...E->f@p2...+>
232|
233 (E == NULL) || ... || <+...E->f@p2...+>
234|
235 sizeof(<+...E->f@p2...+>)
236)
237
Julia Lawall21195f82018-05-21 08:58:59 +0200[diff] [blame]238@ifm1 depends on context && !org && !report@
239expression *E;
240statement S1,S2;
241position p1;
242@@
243
244if@p1 ((E == NULL && ...) || ...) S1 else S2
245
Julia Lawalla1087ef2010-11-24 15:54:18 +0100[diff] [blame]246@depends on context && !org && !report exists@
Nicolas Palix82c43402010-06-06 17:15:07 +0200[diff] [blame]247expression subE <= ifm1.E;
248expression *ifm1.E;
249expression E1,E2;
250identifier f;
251statement S1,S2,S3,S4;
252iterator iter;
253position p!={pr11.p1,pr12.p2};
254position ifm1.p1;
255@@
256
257if@p1 ((E == NULL && ...) || ...)
258{
259 ... when != if (...) S1 else S2
260(
261 iter(subE,...) S4 // no use
262|
263 list_remove_head(E2,subE,...)
264|
265 subE = E1
266|
267 for(subE = E1;...;...) S4
268|
269 subE++
270|
271 ++subE
272|
273 --subE
274|
275 subE--
276|
277 &subE
278|
279* E->f@p // bad use
280)
281 ... when any
282}
283else S3