From 07f0a932a8af84bb540cae2ba46b82f277c05d62 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Tue, 12 Feb 2019 08:46:41 +0300 Subject: [PATCH] states: fix a bug handling negate It has been a long time since I have had to fix a core flow analysis bug like this. It's very exciting. This is fallout from how I re-wrote conditions to use fake cur strees several years ago. Originally when you would set the true and false states that would also set the cur_stree. But these days that is never done implicitly, it has to be done explicitly. In the kernel this mostly affects NULL checks. Before when we had NULL checks in smatch extra then those were handled as a special case, but now we create a fake != NULL expression and use the regular comparison code to handle it. The special case code set both the true and false paths. We don't want that if we already know the pointer is non-NULL because it ends up overwriting the implications. So the new code is correct. But because it wasn't setting both the true and false paths that exposed this bug in __negate_cond_stacks(). Signed-off-by: Dan Carpenter --- smatch_states.c | 1 - 1 file changed, 1 deletion(-) diff --git a/smatch_states.c b/smatch_states.c index c7a9c85d..ff5f4a90 100644 --- a/smatch_states.c +++ b/smatch_states.c @@ -789,7 +789,6 @@ void __negate_cond_stacks(void) { struct stree *old_false, *old_true; - __use_cond_stack(&cond_false_stack); old_false = pop_stree(&cond_false_stack); old_true = pop_stree(&cond_true_stack); push_stree(&cond_false_stack, old_true); -- 2.11.4.GIT
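Review bot: Dropping `__use_cond_stack(&cond_false_stack);` is the entire fix, yet neither the hunk nor a comment in `__negate_cond_stacks()` records why cur_stree must not be pointed at the false stack before the two `pop_stree()` calls swap the stacks; a short comment above `old_false = pop_stree(&cond_false_stack);` stating that the caller applies the stacks explicitly would keep the call from being reintroduced. It would also be worth confirming that every caller which previously relied on this implicit `__use_cond_stack()` now applies the negated false-stack state itself, since the message says that step is no longer implicit, and a regression test for the fake `!= NULL` comparison case described in the message would make that contract checkable.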