Thanks again.
Would you be so kind as to help me with the following?
// RG - detect invalid pointer usage
// invalid - after realloc or free
@r@
expression E;
type T;
position p;
@@
(
E = (T) realloc@p(E,...)
|
E = (T) my_realloc@p(E, ...)
)
@@
expression E, E2, E3;
identifier fld;
identifier func !~ "dbg";
position p2 != r.p;
@@
(
realloc@p2(E, ...)
|
my_realloc@p2(E, ...)
|
free(E)
|
my_free(E)
)
...
(
E = E2;
|
- *E
+ BUG(*E)
|
- E[E3]
+ BUG(E[E3])
|
- E->fld
+ BUG(E)
|
-func(E)
+BUG(E)
|
func(...,
- E,
+ BUG(E),
...)
)
1. Without func(E) -> BUG(E), a double free is not caught. Why? Why
doesn't the following work?
|
-func(E)
+func(BUG(E))
(I get EXN:Invalid_argument("equal: abstract value"))
2. Related to 1 - why do I get:
EXN:Invalid_argument("equal: abstract value")
for some files with the posted version? Is it related to
http://comments.gmane.org/gmane.comp.version-control.coccinelle/1758?
Best regards,
Robert