From 215c7ada006d3badc4fc28bd1b8f5f03fddf04b3 Mon Sep 17 00:00:00 2001
From: Dan Carpenter
Date: Tue, 6 Mar 2018 17:14:48 +0300
Subject: [PATCH] return_to_param: fix a crashing bug

This started happening when I upgraded to the latest Sparse. So I'm not totally sure why I did this HACK ALERT... And I also can't swear that this fix is correct because the test cases aren't there... But what happens is that we use the left_sym, because it gets passed to smatch_extra mod expression. So the hack says we don't use it but that's wrong. Then check_rosenberg.c hooks into smatch_extra and looks up the type of the symbol which doesn't work since it's an expression pointer. And it cause a crash. I think this fix will work 99 times out of a hundred and it's probably harmless the remaining time.
Signed-off-by: Dan Carpenter
---
 smatch_return_to_param.c | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/smatch_return_to_param.c b/smatch_return_to_param.c
index 4e056937..8ed68b6d 100644
--- a/smatch_return_to_param.c
+++ b/smatch_return_to_param.c
@@ -256,17 +256,14 @@ void __add_return_to_param_mapping(struct expression *expr, const char *return_s
 expr_get_parent_stmt(expr) &&
 expr_get_parent_stmt(expr)->type == STMT_RETURN) {
 call = strip_expr(expr);
+ left_sym = expr_to_sym(call->fn);
+ if (!left_sym)
+ return;
 left_name = expr_to_str(call);
 if (!left_name)
- goto free;
+ return;
 
- /*
- * HACK ALERT: The symbol pointer is basically used as a cookie
- * and not used as a pointer so we can pass expr here without
- * causing an issue.
- *
- */
- store_mapping_helper(left_name, (struct symbol *)expr, call, return_string);
+ store_mapping_helper(left_name, left_sym, call, return_string);
 goto free;
 }
 
-- 
2.11.4.GIT
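Review bot: The new `left_sym = expr_to_sym(call->fn);` line replaces the removed HACK ALERT comment with nothing, so a reader cannot tell that the mapping for a returned call is now keyed on the callee's symbol, or that a call whose `fn` yields no symbol is silently skipped by `if (!left_sym) return;`. I would add a comment above it such as `/* Nothing holds the returned value, so use the callee's symbol; hooks that look up its type get a real struct symbol instead of a cast expression. */`. The two new `return;` statements also bypass the `free` label that the end of the block still jumps to; that is safe only if the label releases nothing but `left_name`, and the label is outside the hunk, so `goto free;` would be the more consistent choice for the `!left_name` case. The commit message says there is no test case for this path, so a regression test that returns a call expression directly would pin the fix.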