[Cocci] Software analysis with SmPL around unchecked function calls

Markus Elfring Thu, 10 Oct 2019 06:05:17 -0700

Hello,

I would like to try another source code analysis approach out with
the software combination “Coccinelle 1.0.8-00004-g842075f7”.


@display@
expression x;
statement is, es;
@@
(
*x = kmemdup(...);
|if (...)
*x = kmemdup(...);
)
(if (!x) is
|if (...) is else es
|
 ... when any
     when != x
)


This SmPL small script can point an update candidate out like
the function “imx_pd_bind” as expected.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/imx/parallel-display.c?id=43b815c6a8e7dbccb5b8bd9c4b099c24bc22d135#n197
https://elixir.bootlin.com/linux/v5.4-rc2/source/drivers/gpu/drm/imx/parallel-display.c#L197

Unfortunately, I find also some false positives then at other places.

Example:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/cpufreq/sfi-cpufreq.c?id=8a8c600de5dc1d9a7f4b83269fddc80ebd3dd045#n23
https://elixir.bootlin.com/linux/v5.4-rc2/source/drivers/cpufreq/sfi-cpufreq.c#L23

…
@@ -37,7 +37,6 @@ static int sfi_parse_freq(struct sfi_tab
        pentry = (struct sfi_freq_table_entry *)sb->pentry;
        totallen = num_freq_table_entries * sizeof(*pentry);

-       sfi_cpufreq_array = kmemdup(pentry, totallen, GFP_KERNEL);
        if (!sfi_cpufreq_array)
                return -ENOMEM;
…


Would you like to clarify this situation for the semantic patch language?

Regards,
Markus
_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci

[Cocci] Software analysis with SmPL around unchecked function calls

Reply via email to