[Cocci] Software analysis with SmPL around unchecked function calls

From: Markus Elfring <Markus.Elfring@web.de>
To: Coccinelle <cocci@systeme.lip6.fr>
Subject: [Cocci] Software analysis with SmPL around unchecked function calls
Date: Thu, 10 Oct 2019 14:56:55 +0200	[thread overview]
Message-ID: <24130ec6-4a20-7be4-755f-a6dfffcb6c97@web.de> (raw)

Hello,

I would like to try another source code analysis approach out with
the software combination “Coccinelle 1.0.8-00004-g842075f7”.

@display@
expression x;
statement is, es;
@@
(
*x = kmemdup(...);
|if (...)
*x = kmemdup(...);
)
(if (!x) is
|if (...) is else es
|
 ... when any
     when != x
)


This SmPL small script can point an update candidate out like
the function “imx_pd_bind” as expected.
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/imx/parallel-display.c?id=43b815c6a8e7dbccb5b8bd9c4b099c24bc22d135#n197
https://elixir.bootlin.com/linux/v5.4-rc2/source/drivers/gpu/drm/imx/parallel-display.c#L197

Unfortunately, I find also some false positives then at other places.

Example:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/cpufreq/sfi-cpufreq.c?id=8a8c600de5dc1d9a7f4b83269fddc80ebd3dd045#n23
https://elixir.bootlin.com/linux/v5.4-rc2/source/drivers/cpufreq/sfi-cpufreq.c#L23

…
@@ -37,7 +37,6 @@ static int sfi_parse_freq(struct sfi_tab
 	pentry = (struct sfi_freq_table_entry *)sb->pentry;
 	totallen = num_freq_table_entries * sizeof(*pentry);

-	sfi_cpufreq_array = kmemdup(pentry, totallen, GFP_KERNEL);
 	if (!sfi_cpufreq_array)
 		return -ENOMEM;
…


Would you like to clarify this situation for the semantic patch language?

Regards,
Markus
_______________________________________________
Cocci mailing list
Cocci@systeme.lip6.fr
https://systeme.lip6.fr/mailman/listinfo/cocci
