validation/sm_null_deref.c

   1 //#include <stdlib.h>
   2
   3 struct foo {
   4         int a;
   5 };
   6
   7 struct foo a;
   8 struct foo b;
   9 struct foo c;
  10 struct foo d;
  11
  12 static void func (void)
  13 {
  14         struct foo *aa;
  15         int ab = 0;
  16         int ac = 1;
  17
  18         aa->a = 1;
  19
  20         if (a) {
  21                 a->a = 1;
  22         }
  23         a->a = 1;
  24
  25         if (a && b) {
  26                 b->a = 1;
  27         }
  28
  29         if (a || b) {
  30                 b->a = 1;
  31         }
  32
  33         if (c) {
  34                 ab = 1;
  35         }
  36
  37         if (ab) {
  38                 c->a = 1;
  39         }
  40
  41         d = 0;
  42         if (c) {
  43                 d = malloc(sizeof(*d));
  44                 ac = 2;
  45         }
  46
  47         if (ac) {
  48                 d->a = 2;
  49         }
  50 }
  51 /*
  52  * check-name: Null Dereferences
  53  * check-command: smatch --spammy sm_null_deref.c
  54  *
  55  * check-output-start
  56 sm_null_deref.c +18 func(6) error: dereferencing undefined:  'aa'
  57 sm_null_deref.c +18 func(6) error: potentially derefencing uninitialized 'aa'.
  58 sm_null_deref.c +23 func(11) error: dereferencing undefined:  'a'
  59 sm_null_deref.c +25 func(13) warn: variable dereferenced before check 'a'
  60 sm_null_deref.c +30 func(18) error: dereferencing undefined:  'b'
  61 sm_null_deref.c +48 func(36) error: dereferencing undefined:  'd'
  62 sm_null_deref.c +48 func(36) error: potential null derefence 'd'.
  63  * check-output-end
  64  */