Revision e3854b6e25d1b092c30c5f81a04fe6fc839b1e26 authored by Julia Lawall on 08 August 2011, 11:18:02 UTC, committed by Kumar Gala on 24 November 2011, 08:01:24 UTC
At this point, ehv_pic has been allocated but not stored anywhere, so it
should be freed before leaving the function.
A simplified version of the semantic match that finds this problem is as
follows: (http://coccinelle.lip6.fr/)
// <smpl>
@exists@
local idexpression x;
statement S,S1;
expression E;
identifier fl;
expression *ptr != NULL;
@@
x = \(kmalloc\|kzalloc\|kcalloc\)(...);
...
if (x == NULL) S
<... when != x
when != if (...) { <+...kfree(x)...+> }
when any
when != true x == NULL
x->fl
...>
(
if (x == NULL) S1
|
if (...) { ... when != x
when forall
(
return \(0\|<+...x...+>\|ptr\);
|
* return ...;
)
}
)
// </smpl>
Signed-off-by: Julia Lawall <julia@diku.dk>
Acked-by: Timur Tabi <timur@freescale.com>
Signed-off-by: Kumar Gala <galak@kernel.crashing.org>
1 parent 7145cf1
| File | Mode | Size |
|---|---|---|
| Makefile | -rw-r--r-- | 394 bytes |
| compat.c | -rw-r--r-- | 17.0 KB |
| compat_mq.c | -rw-r--r-- | 4.1 KB |
| ipc_sysctl.c | -rw-r--r-- | 6.0 KB |
| ipcns_notifier.c | -rw-r--r-- | 2.2 KB |
| mq_sysctl.c | -rw-r--r-- | 2.7 KB |
| mqueue.c | -rw-r--r-- | 30.5 KB |
| msg.c | -rw-r--r-- | 20.9 KB |
| msgutil.c | -rw-r--r-- | 2.8 KB |
| namespace.c | -rw-r--r-- | 4.3 KB |
| sem.c | -rw-r--r-- | 42.1 KB |
| shm.c | -rw-r--r-- | 29.1 KB |
| syscall.c | -rw-r--r-- | 2.3 KB |
| util.c | -rw-r--r-- | 22.8 KB |
| util.h | -rw-r--r-- | 5.3 KB |
Computing file changes ...
