Coverity Reports on Passing NULL to fileno()
Joel Sherrill
joel at rtems.org
Wed Feb 17 17:58:55 UTC 2021
Hi
Ryan has been investigating some Coverity reports where fileno(FILE *)
could be passed a NULL. I asked about adding a NULL check in newlib and was
reminded that POSIX leaves passing a NULL pointer as undefined behavior.
I don't want to ignore calls to fileno() and other methods from RTEMS code
that potentially could pass a NULL in. I only see a few options:
+ Use an rtems_fileno() wrapper which does check for NULL. I don't like
this because it opens a path of doing this for any libc method that takes a
pointer.
+ Mark these as ignored in Coverity. I don't like this because it always
feels like we could be papering over something.
+ Add an RTEMS assert() ahead of these suspect calls so at least debug mode
flags them and Coverity is happier.
+ Add nonnull attribute to the headers for the various parameters in libc
that shouldn't be null. I don't think this will catch all stupid cases of
passing NULL but may be sufficient to catch some. I have no idea if this
will make Coverity happy or not.
I am thinking of aiming for the last two since they seem reasonable and
straightforward.
Other ideas?
--joel
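
The last two options in the message above, sketched in C as an added example (not code from the message, RTEMS or newlib). NONNULL_ARGS, stream_fd() and struct console are hypothetical names, and standard assert() stands in for an RTEMS debug assertion.

```c
#include <assert.h>
#include <stdio.h>

/* Option 4: nonnull annotation, as a libc header might carry it.
 * NONNULL_ARGS and stream_fd() are hypothetical names for this sketch. */
#if defined(__GNUC__)
#define NONNULL_ARGS(...) __attribute__((__nonnull__(__VA_ARGS__)))
#else
#define NONNULL_ARGS(...)
#endif

/* GCC and Clang warn (-Wnonnull) only where they can see NULL being passed;
 * a NULL that arrives through a variable at run time is not diagnosed. */
int stream_fd(FILE *fp) NONNULL_ARGS(1);

int stream_fd(FILE *fp)
{
    /* No NULL test here: with the attribute the compiler may assume
     * fp != NULL and is allowed to delete such a test. */
    return fileno(fp);
}

/* Constructed caller state: 'out' stays NULL until console_open() is called,
 * which is the kind of path a static analyzer flags. */
struct console {
    FILE *out;
};

void console_open(struct console *c, FILE *stream)
{
    c->out = stream;
}

/* Option 3: assert ahead of the suspect call, in the caller. Active in
 * debug builds, compiled out when NDEBUG is defined. */
int console_fd(const struct console *c)
{
    assert(c != NULL);
    assert(c->out != NULL);
    return stream_fd(c->out);
}

int main(void)
{
    struct console c = { NULL };
    console_open(&c, stdout);
    printf("fd = %d\n", console_fd(&c));
    return 0;
}
```

The assertion sits in the caller rather than inside the annotated function because the compiler is allowed to optimize away a NULL check on a parameter it has been told is never NULL.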