Re: Fix UDF-FS potentially dereferencing null

From: Ingo Oeser
Date: Sat Apr 17 2004 - 06:14:42 EST

On Saturday 17 April 2004 11:50, Arjan van de Ven wrote:
[superfluous NULL pointer checks]
> > > It'll take a lot of effort to 'fix' them all, and given the non-severity
> > > of a lot of them, I'm not convinced it's worth the effort.
> >
> > Just for the fun of it, I added a "safe" attribute to sparse (hey, it was
> > trivial), and made it warn if you test a safe variable.
> >
> > You can do
> >
> > #define __safe __attribute__((safe))
> >
> > static struct dentry *
> > udf_lookup(struct inode * __safe dir,
> >            struct dentry * __safe dentry,
> >            struct nameidata * __safe nd);
> >
> > or
> is it maybe a good idea to map this to gcc's "nonnull" attribute in some
> way? That way both sparse and the compiler get this explicit
> knowledge.... (afaics gcc will then also just optimize out the null ptr
> checks)

Or even call the attribute "nonnull", because this is a very obvious
naming, even to non-native English readers.

"safe" can mean anything from "safe to use under spinlock" to
"you cannot get pregnant from using this variable".

GCC will not only optimize out the check, but also ensure that we
will not pass NULL ptrs, if it can notice it. If this gets pushed high
enough (up to the register-like functions, where it gets first
assigned), we will never face this kind of problem anymore and document
this fact per function. Sounds like C coder heaven ;-)


Ingo Oeser
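
Added example, not part of the original message and not kernel code: a sketch of pushing the NULL check up to the registration point, so that inner functions can carry gcc's "nonnull" attribute without a defensive test the compiler would be free to drop. The NONNULL macro, struct fs_ops, register_fs(), fs_lookup() and the demo callback are hypothetical names constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* All names here are hypothetical; this is not kernel code. */
#define NONNULL __attribute__((nonnull))

struct fs_ops {
    int (*lookup)(const char *name);
};
static const struct fs_ops *registered_ops; /* written only by register_fs() */

/* Constructed callback: returns the name length as a stand-in result. */
static int demo_lookup(const char *name) { return (int)strlen(name); }
const struct fs_ops demo_ops = { .lookup = demo_lookup };

/* Inner function: the attribute documents that callers never pass NULL.
 * GCC may drop any NULL test written in here, so none is written. */
NONNULL static int do_lookup(const struct fs_ops *ops, const char *name)
{
    return ops->lookup(name);
}

/* Registration boundary: the one place the ops pointer is validated. */
int register_fs(const struct fs_ops *ops)
{
    if (ops == NULL || ops->lookup == NULL)
        return -EINVAL;
    registered_ops = ops;
    return 0;
}

/* Entry point for untrusted callers: check once, then call inward. */
int fs_lookup(const char *name)
{
    if (name == NULL)
        return -EINVAL;
    if (registered_ops == NULL)
        return -ENOENT;
    return do_lookup(registered_ops, name);
}

int main(void)
{
    printf("register(NULL) = %d\n", register_fs(NULL));
    printf("register(demo) = %d\n", register_fs(&demo_ops));
    printf("lookup(\"udf\")  = %d\n", fs_lookup("udf"));
    return 0;
}
```

The attribute is a promise to the compiler, not a runtime check: a NULL that reaches do_lookup() by a path the compiler cannot see is still dereferenced, so the boundary checks remain the only enforcement.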
