On Thu, Jun 03, 2010 at 02:45:36PM +0200, Dan Carpenter wrote: > The heuristic I use is that if we return a variable which is the > return value of copy_to_user() and it's non-zero then complain. It > didn't find the f_getown_ex() because that return value could come from > copy_to_user() or it could be -EINVAL. > > I'll mess with it a bit and see if I can make it catch the f_getown_ex() > bug. > I changed the heuristic to complain if we return a non-zero return from copy_to_user() and the minimum possible value of the return is not zero. ret = copy_to_user(); if (ret) return ret; // <- Complain. The minimum value is 1. Or: if (!foo) ret = -ENOMEM; if (!ret) ret = copy_to_user(); return ret; // <- Complain. The minimum value is -ENOMEM. This seems to work pretty well. I've fixed all the bugs this found and I've pushed the check to the smatch repo. regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
