Avoiding selected variable assignments before null pointer checks
Hello,
Another source code search approach can occasionally also be helpful by
means of the semantic patch language (Coccinelle software).
Example:
@display@
expression action, input, target;
identifier member1, member2, var;
type t;
@@
(
*t var = \( & \( input->member1 \| input->member1.member2 \) \| action(..., & \( input->member1 \| input->member1.member2 \), ...) \);
 ... when != input
     when any
|
*target = \( & \( input->member1 \| input->member1.member2 \) \| action(..., & \( input->member1 \| input->member1.member2 \), ...) \);
 ... when != input
     when any
)
*if (input == NULL || ...)
 ( return ...;
 |{
  ...
  return ...;
  }
 )
Test result:
Markus_Elfring@Sonne:…/Projekte/Linux/next-analyses> time /usr/bin/spatch --timeout 23 -j4 --chunksize 1 --no-loops -dir . …/Projekte/Coccinelle/janitor/show_pointer_dereferences_before_check10.cocci > …/Projekte/Bau/Linux/scripts/Coccinelle/show_pointer_dereferences_before_check10-20260701.diff 2> …/Projekte/Bau/Linux/scripts/Coccinelle/show_pointer_dereferences_before_check10-errors-20260701.txt
real 32m26,907s
user 105m10,515s
sys 0m45,265s
Markus_Elfring@Sonne:…/Projekte/Linux/next-analyses> lsdiff …/Projekte/Bau/Linux/scripts/Coccinelle/show_pointer_dereferences_before_check10-20260701.diff | wc -l
44
How will chances evolve to adjust more places according to remaining update
candidates?
See also once more:
EXP34-C: Do not dereference null pointers
https://cmu-sei.github.io/secure-coding-standards/sei-cert-c-coding-standard/rules/expressions-exp/exp34-c/
Regards,
Markus
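
The code shapes that the semantic patch in the message above is written to display, shown beside reordered forms. This is an added example and not part of the original message; every type and function name in it is constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
/* All types and functions here are constructed for illustration. */
struct limits { int max_len; };
struct config { struct limits lim; int flags; };
struct device { struct config cfg; };

/* Stands in for "action" in the rule: it dereferences its argument. */
static int read_flags(const struct config *c) { return c->flags; }

/* Shape 1: "t var = &input->member1.member2;" ahead of the NULL check. */
int max_len_flagged(struct device *dev)
{
	struct limits *lim = &dev->cfg.lim;
	if (dev == NULL)
		return -EINVAL;
	return lim->max_len;
}

/* Shape 2: "t var = action(..., &input->member1, ...);" ahead of the check.
 * The callee reads through the pointer before "dev" has been tested. */
int flags_flagged(struct device *dev)
{
	int flags = read_flags(&dev->cfg);
	if (dev == NULL || flags < 0)
		return -EINVAL;
	return flags;
}

/* Reordered forms: the variable is assigned only after the check. */
int max_len_checked(struct device *dev)
{
	struct limits *lim;
	if (dev == NULL)
		return -EINVAL;
	lim = &dev->cfg.lim;
	return lim->max_len;
}

int flags_checked(struct device *dev)
{
	int flags;
	if (dev == NULL)
		return -EINVAL;
	flags = read_flags(&dev->cfg);
	return flags < 0 ? -EINVAL : flags;
}
```

The flagged and reordered functions return the same values for a valid pointer; only the reordered ones have defined behaviour when called with NULL.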