1/// This semantic patch looks for malloc etc that are not followed by a 2/// NULL check. It only gives a report in the case where there is some 3/// error handling code later in the function, which may be helpful 4/// in determining what the error handling code for the call to malloc etc 5/// should be. 6/// 7// Confidence: High 8// Copyright: (C) 2010 Nicolas Palix, DIKU. GPLv2. 9// Copyright: (C) 2010 Julia Lawall, DIKU. GPLv2. 10// Copyright: (C) 2010 Gilles Muller, INRIA/LiP6. GPLv2. 11// URL: http://coccinelle.lip6.fr/ 12// Comments: 13// Options: --no-includes --include-headers 14// 15// SPDX-License-Identifier: GPL-2.0 16// 17 18virtual context 19virtual org 20virtual report 21 22@withtest@ 23expression x; 24position p; 25identifier f,fld; 26@@ 27 28x@p = f(...); 29... when != x->fld 30\(x == NULL \| x != NULL\) 31 32@fixed depends on context && !org && !report@ 33expression x,x1; 34position p1 != withtest.p; 35statement S; 36position any withtest.p; 37identifier f; 38@@ 39 40*x@p1 = \(malloc\|calloc\)(...); 41... 42*x1@p = f(...); 43if (!x1) S 44 45// ------------------------------------------------------------------------ 46 47@rfixed depends on (org || report) && !context exists@ 48expression x,x1; 49position p1 != withtest.p; 50position p2; 51statement S; 52position any withtest.p; 53identifier f; 54@@ 55 56x@p1 = \(malloc\|calloc\)(...); 57... 58x1@p = f@p2(...); 59if (!x1) S 60 61@script:python depends on org@ 62p1 << rfixed.p1; 63p2 << rfixed.p2; 64@@ 65 66cocci.print_main("alloc call",p1) 67cocci.print_secs("possible model",p2) 68 69@script:python depends on report@ 70p1 << rfixed.p1; 71p2 << rfixed.p2; 72@@ 73 74msg = "alloc with no test, possible model on line %s" % (p2[0].line) 75coccilib.report.print_report(p1[0],msg) 76