Blame - scripts/coccinelle/null/deref_null.cocci - android_kernel_htc_msm8960

blob: cdac6cfcce92cc8ab25304806fbff81991b51dad [file] [log] [blame]

Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	1	///
				2	/// A variable is dereference under a NULL test.
				3	/// Even though it is know to be NULL.
				4	///
				5	// Confidence: Moderate
				6	// Copyright: (C) 2010 Nicolas Palix, DIKU. GPLv2.
				7	// Copyright: (C) 2010 Julia Lawall, DIKU. GPLv2.
				8	// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. GPLv2.
				9	// URL: http://coccinelle.lip6.fr/
				10	// Comments: -I ... -all_includes can give more complete results
				11	// Options:
				12
				13	virtual context
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	14	virtual org
				15	virtual report
				16
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	17	@ifm@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	18	expression *E;
				19	statement S1,S2;
				20	position p1;
				21	@@
				22
				23	if@p1 ((E == NULL && ...) \|\| ...) S1 else S2
				24
				25	// The following two rules are separate, because both can match a single
				26	// expression in different ways
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	27	@pr1 expression@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	28	expression *ifm.E;
				29	identifier f;
				30	position p1;
				31	@@
				32
				33	(E != NULL && ...) ? <+...E->f@p1...+> : ...
				34
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	35	@pr2 expression@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	36	expression *ifm.E;
				37	identifier f;
				38	position p2;
				39	@@
				40
				41	(
				42	(E != NULL) && ... && <+...E->f@p2...+>
				43	\|
				44	(E == NULL) \|\| ... \|\| <+...E->f@p2...+>
				45	\|
				46	sizeof(<+...E->f@p2...+>)
				47	)
				48
				49	// For org and report modes
				50
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	51	@r depends on !context && (org \|\| report) exists@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	52	expression subE <= ifm.E;
				53	expression *ifm.E;
				54	expression E1,E2;
				55	identifier f;
				56	statement S1,S2,S3,S4;
				57	iterator iter;
				58	position p!={pr1.p1,pr2.p2};
				59	position ifm.p1;
				60	@@
				61
				62	if@p1 ((E == NULL && ...) \|\| ...)
				63	{
				64	... when != if (...) S1 else S2
				65	(
				66	iter(subE,...) S4 // no use
				67	\|
				68	list_remove_head(E2,subE,...)
				69	\|
				70	subE = E1
				71	\|
				72	for(subE = E1;...;...) S4
				73	\|
				74	subE++
				75	\|
				76	++subE
				77	\|
				78	--subE
				79	\|
				80	subE--
				81	\|
				82	&subE
				83	\|
				84	E->f@p // bad use
				85	)
				86	... when any
				87	return ...;
				88	}
				89	else S3
				90
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	91	@script:python depends on !context && !org && report@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	92	p << r.p;
				93	p1 << ifm.p1;
				94	x << ifm.E;
				95	@@
				96
				97	msg="ERROR: %s is NULL but dereferenced." % (x)
				98	coccilib.report.print_report(p[0], msg)
				99	cocci.include_match(False)
				100
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	101	@script:python depends on !context && org && !report@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	102	p << r.p;
				103	p1 << ifm.p1;
				104	x << ifm.E;
				105	@@
				106
				107	msg="ERROR: %s is NULL but dereferenced." % (x)
				108	msg_safe=msg.replace("[","@(").replace("]",")")
				109	cocci.print_main(msg_safe,p)
				110	cocci.include_match(False)
				111
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	112	@s depends on !context && (org \|\| report) exists@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	113	expression subE <= ifm.E;
				114	expression *ifm.E;
				115	expression E1,E2;
				116	identifier f;
				117	statement S1,S2,S3,S4;
				118	iterator iter;
				119	position p!={pr1.p1,pr2.p2};
				120	position ifm.p1;
				121	@@
				122
				123	if@p1 ((E == NULL && ...) \|\| ...)
				124	{
				125	... when != if (...) S1 else S2
				126	(
				127	iter(subE,...) S4 // no use
				128	\|
				129	list_remove_head(E2,subE,...)
				130	\|
				131	subE = E1
				132	\|
				133	for(subE = E1;...;...) S4
				134	\|
				135	subE++
				136	\|
				137	++subE
				138	\|
				139	--subE
				140	\|
				141	subE--
				142	\|
				143	&subE
				144	\|
				145	E->f@p // bad use
				146	)
				147	... when any
				148	}
				149	else S3
				150
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	151	@script:python depends on !context && !org && report@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	152	p << s.p;
				153	p1 << ifm.p1;
				154	x << ifm.E;
				155	@@
				156
				157	msg="ERROR: %s is NULL but dereferenced." % (x)
				158	coccilib.report.print_report(p[0], msg)
				159
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	160	@script:python depends on !context && org && !report@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	161	p << s.p;
				162	p1 << ifm.p1;
				163	x << ifm.E;
				164	@@
				165
				166	msg="ERROR: %s is NULL but dereferenced." % (x)
				167	msg_safe=msg.replace("[","@(").replace("]",")")
				168	cocci.print_main(msg_safe,p)
				169
				170	// For context mode
				171
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	172	@depends on context && !org && !report exists@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	173	expression subE <= ifm.E;
				174	expression *ifm.E;
				175	expression E1,E2;
				176	identifier f;
				177	statement S1,S2,S3,S4;
				178	iterator iter;
				179	position p!={pr1.p1,pr2.p2};
				180	position ifm.p1;
				181	@@
				182
				183	if@p1 ((E == NULL && ...) \|\| ...)
				184	{
				185	... when != if (...) S1 else S2
				186	(
				187	iter(subE,...) S4 // no use
				188	\|
				189	list_remove_head(E2,subE,...)
				190	\|
				191	subE = E1
				192	\|
				193	for(subE = E1;...;...) S4
				194	\|
				195	subE++
				196	\|
				197	++subE
				198	\|
				199	--subE
				200	\|
				201	subE--
				202	\|
				203	&subE
				204	\|
				205	* E->f@p // bad use
				206	)
				207	... when any
				208	return ...;
				209	}
				210	else S3
				211
				212	// The following three rules are duplicates of ifm, pr1 and pr2 respectively.
				213	// It is need because the previous rule as already made a "change".
				214
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	215	@ifm1@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	216	expression *E;
				217	statement S1,S2;
				218	position p1;
				219	@@
				220
				221	if@p1 ((E == NULL && ...) \|\| ...) S1 else S2
				222
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	223	@pr11 expression@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	224	expression *ifm1.E;
				225	identifier f;
				226	position p1;
				227	@@
				228
				229	(E != NULL && ...) ? <+...E->f@p1...+> : ...
				230
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	231	@pr12 expression@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	232	expression *ifm1.E;
				233	identifier f;
				234	position p2;
				235	@@
				236
				237	(
				238	(E != NULL) && ... && <+...E->f@p2...+>
				239	\|
				240	(E == NULL) \|\| ... \|\| <+...E->f@p2...+>
				241	\|
				242	sizeof(<+...E->f@p2...+>)
				243	)
				244
Julia Lawall	a1087ef	2010-11-24 15:54:18 +0100	[diff] [blame]	245	@depends on context && !org && !report exists@
Nicolas Palix	82c4340	2010-06-06 17:15:07 +0200	[diff] [blame]	246	expression subE <= ifm1.E;
				247	expression *ifm1.E;
				248	expression E1,E2;
				249	identifier f;
				250	statement S1,S2,S3,S4;
				251	iterator iter;
				252	position p!={pr11.p1,pr12.p2};
				253	position ifm1.p1;
				254	@@
				255
				256	if@p1 ((E == NULL && ...) \|\| ...)
				257	{
				258	... when != if (...) S1 else S2
				259	(
				260	iter(subE,...) S4 // no use
				261	\|
				262	list_remove_head(E2,subE,...)
				263	\|
				264	subE = E1
				265	\|
				266	for(subE = E1;...;...) S4
				267	\|
				268	subE++
				269	\|
				270	++subE
				271	\|
				272	--subE
				273	\|
				274	subE--
				275	\|
				276	&subE
				277	\|
				278	* E->f@p // bad use
				279	)
				280	... when any
				281	}
				282	else S3