Coverity Reports on Passing NULL to fileno()

Joel Sherrill joel at rtems.org
Wed Feb 17 17:58:55 UTC 2021


Hi

Ryan has been investigating some Coverity reports where fileno(FILE *)
could be passed a NULL. I asked about adding a NULL check in newlib and was
reminded that POSIX leaves passing a NULL pointer as undefined behavior.

I don't want to ignore calls to fileno() and other methods from RTEMS code
that potentially could pass a NULL in. I only see a few options:

+ Use an rtems_fileno() wrapper which does check for NULL. I don't like
this because it opens a path of doing this for any libc method that takes a
pointer.

+ Mark these as ignored in Coverity. I don't like this because it always
feels like we could be papering over something.

+ Add an RTEMS assert() ahead of these suspect calls so at least debug mode
flags them and Coverity is happier.

+ Add nonnull attribute to the headers for the various parameters in libc
that shouldn't be null. I don't think this will catch all stupid cases of
passing NULL but may be sufficient to catch some. I have no idea if this
will make Coverity happy or not.

I am thinking of aiming for the last two since they seem reasonable and
straightforward.

Other ideas?

--joel
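
The last two options from the message above, sketched as an added example (not code from the post, newlib or RTEMS): a nonnull-annotated prototype plus a caller-side assert, with a check that a NULL stream is stopped in debug builds. The names `annotated_fileno`, `struct console`, `console_fd` and `null_stream_is_flagged` are hypothetical, standard `assert()` stands in for the RTEMS one, and a POSIX host with `fork()` is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <assert.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for a libc prototype carrying the nonnull attribute. */
int annotated_fileno(FILE *fp) __attribute__((nonnull(1)));

int annotated_fileno(FILE *fp)
{
  /* The compiler may assume fp != NULL here and drop a NULL test placed in
   * this body, so the runtime check belongs in the caller. */
  return fileno(fp);
}

/* Constructed caller: the stream is a struct field, so nothing at the call
 * site tells the compiler whether it is NULL. */
struct console { FILE *stream; };

int console_fd(const struct console *c)
{
  assert(c->stream != NULL);  /* active unless NDEBUG is defined */
  return annotated_fileno(c->stream);
}

/* Returns 1 when a NULL stream is stopped by the assert (child ends with
 * SIGABRT), 0 otherwise. The child process keeps the abort contained. */
int null_stream_is_flagged(void)
{
  pid_t pid = fork();
  if (pid < 0) return 0;
  if (pid == 0) {
    struct console broken = { NULL };
    (void) console_fd(&broken);
    _exit(0);  /* not reached while the assert is active */
  }
  int status = 0;
  if (waitpid(pid, &status, 0) != pid) return 0;
  return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void)
{
  struct console ok = { stdout };
  printf("fd=%d flagged=%d\n", console_fd(&ok), null_stream_is_flagged());
  return 0;
}
```

The attribute lets the compiler warn when it can see a null argument at compile time, such as a literal `NULL`; a null that only appears at run time, as in the struct field here, is caught by the assert, and only in builds where asserts are enabled.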