| commit | 07f0a932a8af84bb540cae2ba46b82f277c05d62 | |
| author | Dan Carpenter <dan.carpenter@oracle.com> | |
| Tue, 12 Feb 2019 05:46:41 +0000 (12 08:46 +0300) | ||
| committer | Dan Carpenter <dan.carpenter@oracle.com> | |
| Tue, 12 Feb 2019 05:46:41 +0000 (12 08:46 +0300) | ||
| tree | 0c7af5e159420fadabad001ce77ec4fb6e1fc290 | treesnapshot (tar.gz zip) |
| parent | f639fbb2501bb39de11fc73f6e0b2aaec8821a5e | commitdiff |
states: fix a bug handling negate
It has been a long time since I have had to fix a core flow analysis bug
like this. It's very exciting.
This is fallout from how I re-wrote conditions to use fake cur strees
several years ago. Originally when you would set the true and false
states that would also set the cur_stree. But these days that is never
done implicitly, it has to be done explicitly.
In the kernel this mostly affects NULL checks. Before when we had NULL
checks in smatch extra then those were handled as a special case, but now
we create a fake != NULL expression and use the regular comparison code to
handle it. The special case code set both the true and false paths. We
don't want that if we already know the pointer is non-NULL because it ends
up over writing the implications. So the new code is correct. But because
it wasn't setting both the true and false paths that exposed this bug in
__negate_cond_stacks().
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
It has been a long time since I have had to fix a core flow analysis bug
like this. It's very exciting.
This is fallout from how I re-wrote conditions to use fake cur strees
several years ago. Originally when you would set the true and false
states that would also set the cur_stree. But these days that is never
done implicitly, it has to be done explicitly.
In the kernel this mostly affects NULL checks. Before when we had NULL
checks in smatch extra then those were handled as a special case, but now
we create a fake != NULL expression and use the regular comparison code to
handle it. The special case code set both the true and false paths. We
don't want that if we already know the pointer is non-NULL because it ends
up over writing the implications. So the new code is correct. But because
it wasn't setting both the true and false paths that exposed this bug in
__negate_cond_stacks().
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
| smatch_states.c | diffblobblamehistory |