On Sun, 9 Apr 2023, Markus Elfring wrote: > Hello, > > I tried the following SmPL script out also on the source files from > the software “Linux next-20230406”. > > @display@ > expression action, input, target; > identifier member, var; > type t; > @@ > ( > *t var = \( &input->member \| action(..., &input->member, ...) \); > ... when != input > when any > | > *target = \( &input->member \| action(..., &input->member, ...) \); > ... when != input > when any > ) > *if (input == NULL || ...) > return ...; > > > 31 source files were found where it was tried to determine the address of > a data structure member (which includes a pointer dereference) > before a null pointer check. > I imagine that such code should be reconsidered once more and improved accordingly. > > How do you think about to achieve any adjustments in this design direction? Setting var to &input->member does not cause any immediate problem. If there is a dereference of &input->member that can happen at run time that would be a problem. julia
