/// This semantic patch looks for malloc etc that are not followed by a
/// NULL check. It only gives a report in the case where there is some
/// error handling code later in the function, which may be helpful
/// in determining what the error handling code for the call to malloc etc
/// should be.
///
// Confidence: High
// Copyright: (C) 2010 Nicolas Palix, DIKU. GPLv2.
// Copyright: (C) 2010 Julia Lawall, DIKU. GPLv2.
// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. GPLv2.
// URL: http://coccinelle.lip6.fr/
// Comments:
// Options: --no-includes --include-headers
//
// SPDX-License-Identifier: GPL-2.0
//

// Why this matters: malloc and calloc return NULL on failure, so a result
// that is used without a test is a potential NULL pointer dereference
// (CWE-476) whenever the allocation fails.
//
// Scope of the rules as written below:
//  - only calls to malloc and calloc are candidates; no other allocator is
//    named in the patterns;
//  - a candidate is reported only when a later call in the same function has
//    its result tested with "if (!x1)", so a function that contains no such
//    model is not reported by this script at all;
//  - the "possible model" is a hint for writing the missing error path, not
//    a generated fix; every finding needs manual review.

// Output modes. Every rule below depends on one of these virtual names,
// which are selected when spatch is invoked.
virtual context
virtual org
virtual report

// withtest: bind p to the position of every assignment from a call whose
// result is later compared with NULL, with no x->fld access in between.
// These are the calls treated as "tested". Only x->fld is excluded by the
// "when" clause; other uses of x before the test (for example *x or x[i])
// are not written into this pattern -- NOTE(review): confirm whether that
// is intended for the code base being scanned.
@withtest@
expression x;
position p;
identifier f,fld;
@@

x@p = f(...);
... when != x->fld
\(x == NULL \| x != NULL\)

// fixed (context mode only): star-mark a malloc/calloc assignment whose
// position p1 is not one of the withtest positions, i.e. an allocation that
// withtest did not see tested, together with a later assignment from a call
// at a withtest position that is immediately followed by "if (!x1) S".
// The second marked statement is the model error handling.
@fixed depends on context && !org && !report@
expression x,x1;
position p1 != withtest.p;
statement S;
position any withtest.p;
identifier f;
@@

*x@p1 = \(malloc\|calloc\)(...);
...
*x1@p = f(...);
if (!x1) S

// ------------------------------------------------------------------------

// rfixed (org and report modes): the same pattern as fixed, without the
// "*" markers. It additionally binds p2 at the name of the tested call so
// the scripts below can point at the model. The rule is declared "exists",
// so a match on one control-flow path is enough.
@rfixed depends on (org || report) && !context exists@
expression x,x1;
position p1 != withtest.p;
position p2;
statement S;
position any withtest.p;
identifier f;
@@

x@p1 = \(malloc\|calloc\)(...);
...
x1@p = f@p2(...);
if (!x1) S

// org mode: print the untested allocation (p1) as the main entry and the
// tested call (p2) as the secondary "possible model" entry.
@script:python depends on org@
p1 << rfixed.p1;
p2 << rfixed.p2;
@@

cocci.print_main("alloc call",p1)
cocci.print_secs("possible model",p2)

// report mode: emit one message located at the untested allocation (p1[0])
// that names the line of the tested call (p2[0]) to use as a model.
@script:python depends on report@
p1 << rfixed.p1;
p2 << rfixed.p2;
@@

msg = "alloc with no test, possible model on line %s" % (p2[0].line)
coccilib.report.print_report(p1[0],msg)
