Coverity Reports on Passing NULL to fileno()

Joel Sherrill joel at
Wed Feb 17 17:58:55 UTC 2021


Ryan has been investigating some Coverity reports where fileno(FILE *)
could be passed a NULL. I asked about adding a NULL check in newlib and was
reminded that POSIX leaves passing a NULL pointer as undefined behavior.

I don't want to ignore calls to fileno() and other methods from RTEMS code
that potentially could pass a NULL in. I only see a few options:

  + Use an rtems_fileno() wrapper which does check for NULL. I don't like
this because it opens a path of doing this for any libc method that takes a

+ Mark these as ignored in Coverity. I don't like this because it always
feels like we could be papering over something.

+ Add an RTEMS assert() ahead of these suspect calls so at least debug mode
flags them and Coverity is happier.

+ Add nonnull attribute to the headers for the various parameters in libc
that shouldn't be null. I don't think this will catch all stupid cases of
passing NULL but may be sufficient to catch some. I have no idea if this
will make Coverity happy or not.

I think aiming for the last two since they seem reasonable and

Other ideas?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the devel mailing list