[PATCH 2/2] staging: emxx_udc: test returned value

Greg Kroah-Hartman gregkh at linuxfoundation.org
Sat Apr 4 16:54:25 UTC 2015


On Sat, Apr 04, 2015 at 06:20:53PM +0200, Julia Lawall wrote:
> 
> 
> On Sat, 4 Apr 2015, Greg Kroah-Hartman wrote:
> 
> > On Sat, Apr 04, 2015 at 04:59:30PM +0200, Julia Lawall wrote:
> > > Put the NULL test on the result of the previous call instead of on one of its
> > > arguments.  A simplified version of the semantic match that finds this
> > > problem is as follows (http://coccinelle.lip6.fr/):
> > > 
> > > // <smpl>
> > > r@
> > > expression *e1;
> > > expression *e2;
> > > identifier f;
> > > statement S1,S2;
> > > @@
> > > 
> > > e1 = f(...,e2,...);
> > > (
> > > if (e1 == NULL || ...) S1 else S2
> > > |
> > > *if (e2 == NULL || ...) S1 else S2
> > > )
> > > // </smpl>
> > > 
> > > Signed-off-by: Julia Lawall <Julia.Lawall at lip6.fr>
> > > 
> > > ---
> > >  drivers/staging/emxx_udc/emxx_udc.c |    2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/staging/emxx_udc/emxx_udc.c b/drivers/staging/emxx_udc/emxx_udc.c
> > > index fbf82bc..7de1e9e 100644
> > > --- a/drivers/staging/emxx_udc/emxx_udc.c
> > > +++ b/drivers/staging/emxx_udc/emxx_udc.c
> > > @@ -2998,7 +2998,7 @@ static void  nbu2ss_ep_fifo_flush(struct usb_ep *_ep)
> > >  	}
> > >  
> > >  	ep = container_of(_ep, struct nbu2ss_ep, ep);
> > > -	if (!_ep) {
> > > +	if (!ep) {
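Review bot: the rewritten test at the end of the hunk, `if (!ep)` after `ep = container_of(_ep, struct nbu2ss_ep, ep);`, still cannot catch a NULL `_ep`: container_of() is plain pointer arithmetic, so it yields NULL only when `_ep` is NULL and `ep` is the first member of struct nbu2ss_ep; in every other layout the result is a non-NULL pointer and the branch is dead. Either move the check in front of the container_of() line (`if (!_ep)` before `ep = container_of(...)`), or, if the callers guarantee a non-NULL `_ep`, drop the test entirely rather than rewriting it.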
> > 
> > This is actually even worse, container_of() can't return NULL.  Or if it
> > does, something is really wrong (it can only happen if the field happens
> > to be the first field in the structure and the original pointer was
> > NULL).  So I would say that all tests for container_of (and
> > functions/macros that are just wrappers around container_of()) can just
> > be deleted as they will never be triggered.
> 
> Couldn't one say:
> 
> x = NULL;
> y = &x->whatever;
> z = container_of(y, struct blah, whatever);
> 
> and end up with z being NULL?

Yes, if you were really lucky.  If you are passing a pointer to
container_of() it had better be checked to be NULL before, not after,
the operation, as afterward makes no sense because this is just pointer
math happening.

thanks,

greg k-h
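To make the point above concrete, here is an added example (not from the patch, the kernel, or anyone in this thread) using a local stand-in for container_of(): a NULL test after the pointer math only detects a NULL argument when the member sits at offset 0, so the check belongs before the call. The struct layouts and the flush-style function are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Local stand-in for the kernel macro: pure pointer arithmetic,
 * member pointer minus the member's offset in the enclosing struct. */
#define container_of(ptr, type, member) \
	((type *)((char *)(ptr) - offsetof(type, member)))

struct usb_ep_like { int maxpacket; };            /* constructed */

/* Constructed layouts: 'ep' as the first member, and 'ep' behind another
 * field (the usual case for a struct embedding its usb_ep). */
struct ep_first { struct usb_ep_like ep; int other; };
struct ep_later { int other; struct usb_ep_like ep; };

/* What container_of() would compute for a member pointer, done in
 * integer arithmetic so that the NULL case is well defined here. */
static uintptr_t container_addr(uintptr_t member_ptr, size_t member_offset)
{
	return member_ptr - member_offset;
}

/* Does "if (!ep)" after ep = container_of(_ep, ...) detect _ep == NULL?
 * Only when the member lives at offset 0; otherwise the result is a
 * bogus non-NULL pointer and the test never fires. */
static int null_check_after_detects(size_t member_offset)
{
	return container_addr(0, member_offset) == 0;
}

/* The pattern Greg describes: validate the argument before the pointer
 * math, not the derived pointer after it. Returns 0 if rejected, 1 if done. */
static int fifo_flush_pattern(struct usb_ep_like *_ep)
{
	struct ep_later *ep;
	if (!_ep)                 /* check _ep BEFORE container_of() */
		return 0;
	ep = container_of(_ep, struct ep_later, ep);
	ep->other++;              /* stands in for the real flush work */
	return 1;
}

/* Round trip on a real object: container_of() recovers the enclosing struct. */
static int roundtrip_ok(void)
{
	struct ep_later obj = { .other = 7, .ep = { .maxpacket = 64 } };
	struct ep_later *back = container_of(&obj.ep, struct ep_later, ep);
	return back == &obj && back->other == 7;
}
```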