On Thu, 4 May 2017, Gustavo A. R. Silva wrote:
>
> Hello everybody,
>
> I'm trying to write a cocci script to catch false positives during static
> analysis of the Linux kernel code.
> What I want to catch is the following type of code:
>
> ...
> if (!ptr) {
> ...
> goto label;
> }
> ...
> var = ptr->x;
> ...
> label:
> ... (here it is not supposed to find any other _ptr_ pointer dereference)
>
> In the piece of code above, a static code analyzer like Coverity issues a
> pointer dereference after null check.
>
> I've been trying the following:
>
> @@
> expression E;
> identifier i, id, label;
> position p1, p2;
> @@
> +E = NULL;
> if (!E) {
> ...
> goto@p1 label;
> +E = NULL;
> }@p2
> ...
> id = E->i
> ...
> label:
> +E = NULL;
>
> but I don't get any output. Here all the _+_ are just for reference. I don't
> plan to include them in any patch. I just want to spot all similar code.
>
> Any help would be greatly appreciated.

Could you try the following:

@@
expression ptr;
identifier x;
@@
... when != false ptr == NULL
*ptr->x

The when != false means that the false branch of an if testing that ptr ==
NULL is not taken on the way to the dereference.

julia
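
The control-flow shapes this thread distinguishes, as an added C test file that is not part of the original messages (struct item and all function names are hypothetical): the guarded goto shape from the question, a dereference placed after the label, and a NULL branch that falls through to the dereference.

```c
/* Constructed test input; struct item and the function names are hypothetical. */
#include <stddef.h>

struct item { int x; };

/* Shape from the question: the NULL path leaves through the goto, so the
 * dereference is reached only when ptr is non-NULL. Safe for any input. */
int guarded(struct item *ptr)
{
	int var = -1;
	if (!ptr) {
		var = -2;
		goto label;
	}
	var = ptr->x;
label:
	return var;
}

/* Real defect: the NULL path jumps to the label and ptr is dereferenced
 * after it, the case the question says must not occur after label:. */
int deref_after_label(struct item *ptr)
{
	int var = -1;
	if (!ptr) {
		var = -2;
		goto label;
	}
	var = ptr->x;
label:
	return var + ptr->x;	/* reached with ptr == NULL */
}

/* Real defect: the NULL branch has no goto and falls through. */
int fall_through(struct item *ptr)
{
	int var = -1;
	if (!ptr)
		var = -2;
	var = ptr->x;		/* reached with ptr == NULL */
	return var;
}

int main(void)
{
	struct item it = { 21 };
	/* Only guarded() may be handed NULL. */
	return (guarded(NULL) == -2 && guarded(&it) == 21) ? 0 : 1;
}
```

A file like this can serve as input when trying either semantic patch with spatch, since it holds one case that should be treated as safe next to two that should not.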