-
Notifications
You must be signed in to change notification settings - Fork 188
/
Copy pathmissing-argument-null-check.qhelp
49 lines (38 loc) · 1.73 KB
/
missing-argument-null-check.qhelp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
Functions which dereference a pointer should test for <code>NULL</code>.
This should be done as an explicit comparison in an <code>assert</code> or <code>if</code> statement.
If the function assumes that an argument is non-null, add an assert at the beginning of the function body.
</p>
<p>
There are some limitations in the current implementation.
It only looks for explicit comparisons, <code>if (ptr == NULL)</code>, but this is the correct way to write it, according to our style guidelines.
Only arrow syntax is detected, <code>ptr->field</code>, so it should be expanded to also detect asterisk syntax, <code>*ptr</code>.
Also, it doesn't check that the comparison is before the dereference, it should be improved to also alert in cases where the check is after the dereference.
There shouldn't be false positives, but it should be expanded to find more problematic cases.
</p>
</overview>
<recommendation>
<p>
Add an assert to the beginning of the function if it assumes the argument is not null: <code>assert(ptr != NULL)</code>.
Add an an explicit comparison somewhere in the function if it is okay for the argument to be NULL.
(Usually this should be an <code>if</code> around the dereference).
Note that in both cases, the comparison <b>must</b> be explicit (using <code>== NULL</code> or <code>!= NULL</code>).
</p>
</recommendation>
<example>
<p>
This example has 2 correct (good) functions, and one incorrect (bad) function:
</p>
<sample src="missing-argument-null-check.c" />
</example>
<references>
<li>
CFEngine Contribution guidelines: <a href="https://github.com/cfengine/core/blob/master/CONTRIBUTING.md">CONTRIBUTING.md</a>
</li>
</references>
</qhelp>