summaryrefslogtreecommitdiff
path: root/scripts/coccinelle/misc/badty.cocci
blob: 481cf301ccfc3abf2b68c8dcc8b59612ed2e9841 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
/// Use ARRAY_SIZE instead of dividing sizeof array with sizeof an element
///
//# This makes an effort to find cases where the argument to sizeof is wrong
//# in memory allocation functions by checking the type of the allocated memory
//# when it is a double pointer and ensuring the sizeof argument takes a pointer
//# to the the memory being allocated. There are false positives in cases the
//# sizeof argument is not used in constructing the return value. The result
//# may need some reformatting.
//
// Confidence: Moderate
// Copyright: (C) 2014 Himangi Saraogi.  GPLv2.
// Comments:
// Options:

virtual patch
virtual context
virtual org
virtual report

//----------------------------------------------------------
//  For context mode
//----------------------------------------------------------

@depends on context disable sizeof_type_expr@
type T;
T **x;
@@

  x =
  <+...sizeof(
* T
  )...+>

//----------------------------------------------------------
//  For patch mode
//----------------------------------------------------------

@depends on patch disable sizeof_type_expr@
type T;
T **x;
@@

  x =
  <+...sizeof(
- T
+ *x
  )...+>

//----------------------------------------------------------
//  For org and report mode
//----------------------------------------------------------

@r depends on (org || report) disable sizeof_type_expr@
type T;
T **x;
position p;
@@

  x =
  <+...sizeof(
  T@p
  )...+>

@script:python depends on org@
p << r.p;
@@

coccilib.org.print_todo(p[0], "WARNING sizeof argument should be pointer type, not structure type")

@script:python depends on report@
p << r.p;
@@

msg="WARNING: Use correct pointer type argument for sizeof"
coccilib.report.print_report(p[0], msg)