summaryrefslogtreecommitdiffstats
path: root/libxslt/check_valuePopNullDeref.vX.cocci
blob: 2e830917dc38324e68ebd4841fceb5381be6a93e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61

// Fix possible NULL deref for valuePop retval (v3)
// jpokorny@redhat.com
//... when != if (<+...E == NULL...+>) S1
//    when != if (<+...E != NULL...+>) S1
//... when != \(<+...E...+>\|<+...E!=NULL && E1...+>\|<+...E==NULL || E1...+>\)
//... when != \((<+...E->item...+>)\|(<+...E->item...+>)\|(E != NULL) || E1\|(E == NULL) && E1\)
//... when != \((<+...E->item...+>)\|(<+...E=E1...+>)\|(E == NULL) && E1\|(E != NULL) || E1\)

@incl@
@@

#include <libxml/xpathInternals.h>

@voidfn depends on incl exists@
expression E, E1, E2, E3;
identifier fn, item, item2;
statement S1, S2;
@@
void fn (...) {
<...
E = valuePop(...);
+ if (E == NULL) return;
... when != if (<+...E...+>) S1
//    when != if (E->item != E1) S1
    when != E->item2 == NULL && <+... E = E1 ...+>
// specialize->    when != if (<+...E->item...+>) S1
//    when != (<+...E=E1...+>)
//    when != if (E1) {<+...E=E2...+>} S1
//    when != if (E1) S1 else {<+...E=E2...+>}
(
E->item;
|
E->item
... when != \((E == NULL) && E2\|(E != NULL) || E2\)
)
//... when != \((<+...E->item...+>)\|(E == NULL)\|(E != NULL)\)
//... when != \((<+...E->item...+>)\|(<+...E=E1...+>)\|(E == NULL) && E1\|(E != NULL) || E1\)

...>
}

@nonvoidfn depends on incl && !voidfn exists@
expression E;
identifier fn, item;
statement S1, S2;
@@
fn (...) {
<...
E = valuePop(...);
+ if (E == NULL) return NULL;
... when != if (<+...E...+>) S1
//    when != if (<+...E->item...+>) S1
(
E->item;
|
E->item
//... when != \((E == NULL) && E1\|(E != NULL) || E1\)
... when != \((<+...E=E1...+>)\|(E == NULL) || E1\|(E != NULL) && E1\)
)
...>
}
generated by cgit (git 2.34.1) at 2024-05-04 10:07:09 +0000