Message-ID: <dd1adf86-1bc1-2ffe-1af8-3d7082c5a468@web.de>
Date:   Fri, 11 Oct 2019 07:15:53 +0200
From:   Markus Elfring <Markus.Elfring@....de>
To:     Rasmus Villemoes <linux@...musvillemoes.dk>,
        kernel-janitors@...r.kernel.org,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Joe Perches <joe@...ches.com>,
        Kees Cook <keescook@...omium.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Aditya Pakki <pakki001@....edu>, Kangjie Lu <kjlu@....edu>,
        Navid Emamdoost <emamd001@....edu>,
        Stephen McCamant <smccaman@....edu>,
        Coccinelle <cocci@...teme.lip6.fr>
Cc:     LKML <linux-kernel@...r.kernel.org>
Subject: Re: Searching for missing variable checks

> The problem is the __must_check does not mean that the
> return value must be followed by a comparison to NULL and bailing out
> (that can't really be checked), it simply ensures the return value is
> assigned somewhere or used in an if(). So foo->bar = kstrdup() not
> followed by a check of foo->bar won't warn.

Higher level source code analysis tools like the semantic patch language
(Coccinelle software) can help to find such missing checks.
Would you like to point any additional development tools out
for this purpose?

Regards,
Markus
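
The gap described in the quoted text above, as an added example that is not part of the original message or of any kernel code: a userspace sketch in which the assignment satisfies `__must_check` while a failed allocation still goes unnoticed. `demo_kstrdup()`, `fail_alloc`, `set_bar_unchecked()` and `set_bar_checked()` are hypothetical names, and the `__must_check` define mirrors the kernel's attribute.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Userspace stand-ins (assumptions): __must_check is defined the way the
 * kernel defines it, and demo_kstrdup() mimics kstrdup() returning NULL
 * when the allocation fails. */
#define __must_check __attribute__((warn_unused_result))

static int fail_alloc;	/* constructed fault-injection switch */
struct foo { char *bar; };

static __must_check char *demo_kstrdup(const char *s)
{
	char *p = fail_alloc ? NULL : malloc(strlen(s) + 1);

	if (p)
		strcpy(p, s);
	return p;
}

/* The result is assigned, so the attribute is satisfied and the compiler
 * stays silent, yet a NULL result is reported to the caller as success. */
static int set_bar_unchecked(struct foo *foo, const char *s)
{
	foo->bar = demo_kstrdup(s);
	return 0;
}

/* The check the attribute cannot enforce. */
static int set_bar_checked(struct foo *foo, const char *s)
{
	foo->bar = demo_kstrdup(s);
	if (!foo->bar)
		return -ENOMEM;
	return 0;
}

int main(void)
{
	struct foo f = { 0 };

	fail_alloc = 1;		/* force the allocation failure path */
	if (set_bar_unchecked(&f, "name") != 0 || f.bar != NULL)
		return 1;
	return set_bar_checked(&f, "name") == -ENOMEM ? 0 : 1;
}
```

Both setters build without an unused-result warning; only the second one propagates the allocation failure.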
