Commit | Line | Data |
---|---|---|
7f904d7e | 1 | // SPDX-License-Identifier: GPL-2.0-only |
82c4340b | 2 | /// |
7c2aa611 JL |
3 | /// A variable is dereferenced under a NULL test, |
4 | /// even though it is known to be NULL. | |
82c4340b NP |
5 | /// |
6 | // Confidence: Moderate | |
7f904d7e TG |
7 | // Copyright: (C) 2010 Nicolas Palix, DIKU. |
8 | // Copyright: (C) 2010 Julia Lawall, DIKU. | |
9 | // Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. | |
f01701ce | 10 | // URL: https://coccinelle.gitlabpages.inria.fr/website |
82c4340b NP |
11 | // Comments: -I ... -all_includes can give more complete results |
12 | // Options: | |
13 | ||
14 | virtual context | |
82c4340b NP |
15 | virtual org |
16 | virtual report | |
17 | ||
82c4340b NP |
18 | // The following two rules are separate, because both can match a single |
19 | // expression in different ways | |
a1087ef6 | 20 | @pr1 expression@ |
21195f8e | 21 | expression E; |
82c4340b NP |
22 | identifier f; |
23 | position p1; | |
24 | @@ | |
25 | ||
26 | (E != NULL && ...) ? <+...E->f@p1...+> : ... | |
27 | ||
a1087ef6 | 28 | @pr2 expression@ |
21195f8e | 29 | expression E; |
82c4340b NP |
30 | identifier f; |
31 | position p2; | |
32 | @@ | |
33 | ||
34 | ( | |
35 | (E != NULL) && ... && <+...E->f@p2...+> | |
36 | | | |
37 | (E == NULL) || ... || <+...E->f@p2...+> | |
38 | | | |
39 | sizeof(<+...E->f@p2...+>) | |
40 | ) | |
41 | ||
21195f8e JL |
42 | @ifm@ |
43 | expression *E; | |
44 | statement S1,S2; | |
45 | position p1; | |
46 | @@ | |
47 | ||
48 | if@p1 ((E == NULL && ...) || ...) S1 else S2 | |
49 | ||
82c4340b NP |
50 | // For org and report modes |
51 | ||
a1087ef6 | 52 | @r depends on !context && (org || report) exists@ |
82c4340b NP |
53 | expression subE <= ifm.E; |
54 | expression *ifm.E; | |
55 | expression E1,E2; | |
56 | identifier f; | |
57 | statement S1,S2,S3,S4; | |
58 | iterator iter; | |
59 | position p!={pr1.p1,pr2.p2}; | |
60 | position ifm.p1; | |
61 | @@ | |
62 | ||
63 | if@p1 ((E == NULL && ...) || ...) | |
64 | { | |
65 | ... when != if (...) S1 else S2 | |
66 | ( | |
67 | iter(subE,...) S4 // no use | |
68 | | | |
69 | list_remove_head(E2,subE,...) | |
70 | | | |
71 | subE = E1 | |
72 | | | |
73 | for(subE = E1;...;...) S4 | |
74 | | | |
75 | subE++ | |
76 | | | |
77 | ++subE | |
78 | | | |
79 | --subE | |
80 | | | |
81 | subE-- | |
82 | | | |
83 | &subE | |
84 | | | |
85 | E->f@p // bad use | |
86 | ) | |
87 | ... when any | |
88 | return ...; | |
89 | } | |
90 | else S3 | |
91 | ||
a1087ef6 | 92 | @script:python depends on !context && !org && report@ |
82c4340b NP |
93 | p << r.p; |
94 | p1 << ifm.p1; | |
95 | x << ifm.E; | |
96 | @@ | |
97 | ||
98 | msg="ERROR: %s is NULL but dereferenced." % (x) | |
99 | coccilib.report.print_report(p[0], msg) | |
100 | cocci.include_match(False) | |
101 | ||
a1087ef6 | 102 | @script:python depends on !context && org && !report@ |
82c4340b NP |
103 | p << r.p; |
104 | p1 << ifm.p1; | |
105 | x << ifm.E; | |
106 | @@ | |
107 | ||
108 | msg="ERROR: %s is NULL but dereferenced." % (x) | |
109 | msg_safe=msg.replace("[","@(").replace("]",")") | |
110 | cocci.print_main(msg_safe,p) | |
111 | cocci.include_match(False) | |
112 | ||
a1087ef6 | 113 | @s depends on !context && (org || report) exists@ |
82c4340b NP |
114 | expression subE <= ifm.E; |
115 | expression *ifm.E; | |
116 | expression E1,E2; | |
117 | identifier f; | |
118 | statement S1,S2,S3,S4; | |
119 | iterator iter; | |
120 | position p!={pr1.p1,pr2.p2}; | |
121 | position ifm.p1; | |
122 | @@ | |
123 | ||
124 | if@p1 ((E == NULL && ...) || ...) | |
125 | { | |
126 | ... when != if (...) S1 else S2 | |
127 | ( | |
128 | iter(subE,...) S4 // no use | |
129 | | | |
130 | list_remove_head(E2,subE,...) | |
131 | | | |
132 | subE = E1 | |
133 | | | |
134 | for(subE = E1;...;...) S4 | |
135 | | | |
136 | subE++ | |
137 | | | |
138 | ++subE | |
139 | | | |
140 | --subE | |
141 | | | |
142 | subE-- | |
143 | | | |
144 | &subE | |
145 | | | |
146 | E->f@p // bad use | |
147 | ) | |
148 | ... when any | |
149 | } | |
150 | else S3 | |
151 | ||
a1087ef6 | 152 | @script:python depends on !context && !org && report@ |
82c4340b NP |
153 | p << s.p; |
154 | p1 << ifm.p1; | |
155 | x << ifm.E; | |
156 | @@ | |
157 | ||
158 | msg="ERROR: %s is NULL but dereferenced." % (x) | |
159 | coccilib.report.print_report(p[0], msg) | |
160 | ||
a1087ef6 | 161 | @script:python depends on !context && org && !report@ |
82c4340b NP |
162 | p << s.p; |
163 | p1 << ifm.p1; | |
164 | x << ifm.E; | |
165 | @@ | |
166 | ||
167 | msg="ERROR: %s is NULL but dereferenced." % (x) | |
168 | msg_safe=msg.replace("[","@(").replace("]",")") | |
169 | cocci.print_main(msg_safe,p) | |
170 | ||
171 | // For context mode | |
172 | ||
a1087ef6 | 173 | @depends on context && !org && !report exists@ |
82c4340b NP |
174 | expression subE <= ifm.E; |
175 | expression *ifm.E; | |
176 | expression E1,E2; | |
177 | identifier f; | |
178 | statement S1,S2,S3,S4; | |
179 | iterator iter; | |
180 | position p!={pr1.p1,pr2.p2}; | |
181 | position ifm.p1; | |
182 | @@ | |
183 | ||
184 | if@p1 ((E == NULL && ...) || ...) | |
185 | { | |
186 | ... when != if (...) S1 else S2 | |
187 | ( | |
188 | iter(subE,...) S4 // no use | |
189 | | | |
190 | list_remove_head(E2,subE,...) | |
191 | | | |
192 | subE = E1 | |
193 | | | |
194 | for(subE = E1;...;...) S4 | |
195 | | | |
196 | subE++ | |
197 | | | |
198 | ++subE | |
199 | | | |
200 | --subE | |
201 | | | |
202 | subE-- | |
203 | | | |
204 | &subE | |
205 | | | |
206 | * E->f@p // bad use | |
207 | ) | |
208 | ... when any | |
209 | return ...; | |
210 | } | |
211 | else S3 | |
212 | ||
213 | // The following three rules are duplicates of pr1, pr2 and ifm respectively. | |
214 | // They are needed because the previous rule has already made a "change". | |
215 | ||
a2b0fe74 | 216 | @pr11 depends on context && !org && !report expression@ |
21195f8e | 217 | expression E; |
82c4340b NP |
218 | identifier f; |
219 | position p1; | |
220 | @@ | |
221 | ||
222 | (E != NULL && ...) ? <+...E->f@p1...+> : ... | |
223 | ||
a2b0fe74 | 224 | @pr12 depends on context && !org && !report expression@ |
21195f8e | 225 | expression E; |
82c4340b NP |
226 | identifier f; |
227 | position p2; | |
228 | @@ | |
229 | ||
230 | ( | |
231 | (E != NULL) && ... && <+...E->f@p2...+> | |
232 | | | |
233 | (E == NULL) || ... || <+...E->f@p2...+> | |
234 | | | |
235 | sizeof(<+...E->f@p2...+>) | |
236 | ) | |
237 | ||
21195f8e JL |
238 | @ifm1 depends on context && !org && !report@ |
239 | expression *E; | |
240 | statement S1,S2; | |
241 | position p1; | |
242 | @@ | |
243 | ||
244 | if@p1 ((E == NULL && ...) || ...) S1 else S2 | |
245 | ||
a1087ef6 | 246 | @depends on context && !org && !report exists@ |
82c4340b NP |
247 | expression subE <= ifm1.E; |
248 | expression *ifm1.E; | |
249 | expression E1,E2; | |
250 | identifier f; | |
251 | statement S1,S2,S3,S4; | |
252 | iterator iter; | |
253 | position p!={pr11.p1,pr12.p2}; | |
254 | position ifm1.p1; | |
255 | @@ | |
256 | ||
257 | if@p1 ((E == NULL && ...) || ...) | |
258 | { | |
259 | ... when != if (...) S1 else S2 | |
260 | ( | |
261 | iter(subE,...) S4 // no use | |
262 | | | |
263 | list_remove_head(E2,subE,...) | |
264 | | | |
265 | subE = E1 | |
266 | | | |
267 | for(subE = E1;...;...) S4 | |
268 | | | |
269 | subE++ | |
270 | | | |
271 | ++subE | |
272 | | | |
273 | --subE | |
274 | | | |
275 | subE-- | |
276 | | | |
277 | &subE | |
278 | | | |
279 | * E->f@p // bad use | |
280 | ) | |
281 | ... when any | |
282 | } | |
283 | else S3 |