Bryan -

Where I work, we have a coding standard that a pointer to malloced 
memory that is freed be set to NULL afterwards. That way, if somebody 
attempts to dereference said pointer, they will at least get a 
segmentation violation. I tried it on your example, and it seems to make 
splint happy as well. Just insert the line "*newdev = NULL;" after the 
free(*newdev);

-Pete-
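
Added example, not code from either mail: Bryan's create_device rewritten with Pete's suggestion (null the output pointer on the failure path), plus a matching destroy routine and a small fault-injecting allocator wrapper so the second-allocation failure can be exercised deterministically. The struct layouts, the RET_* values, xmalloc and try_create are assumptions; the unused `state` parameter and the `char_t` typedef from the original are dropped.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the types named in Bryan's mail (assumed shapes). */
typedef struct { char name[32]; } sPrivateData;
typedef struct { sPrivateData *data; } sDevices;
enum { RET_SUCCESS = 0, RET_MEM_ERR = 1 };

/* Test hook, not part of the original: allocation number `fail_on_call`
 * returns NULL so the error path can be driven on purpose. */
static int fail_on_call = 0;
static int call_count = 0;

static void *xmalloc(size_t n)
{
    if (++call_count == fail_on_call)
        return NULL;
    return malloc(n);
}

/* create_device with Pete's fix: on failure *newDev is reset to NULL, so a
 * caller that ignores the return value faults instead of touching freed memory. */
static int create_device(const char *readLine, sDevices **newDev)
{
    *newDev = xmalloc(sizeof **newDev);
    if (*newDev == NULL)
        return RET_MEM_ERR;         /* first allocation failed: *newDev is already NULL */
    (*newDev)->data = xmalloc(sizeof *(*newDev)->data);
    if ((*newDev)->data == NULL) {
        free(*newDev);
        *newDev = NULL;             /* the one-line fix from the reply above */
        return RET_MEM_ERR;
    }
    strncpy((*newDev)->data->name, readLine, sizeof((*newDev)->data->name) - 1);
    (*newDev)->data->name[sizeof((*newDev)->data->name) - 1] = '\0';
    return RET_SUCCESS;
}

/* Same discipline on teardown: free both levels and null the caller's pointer. */
static void destroy_device(sDevices **dev)
{
    if (*dev == NULL) return;
    free((*dev)->data);
    free(*dev);
    *dev = NULL;
}

/* Run create_device with allocation `fail_call` forced to fail (0 = never). */
static int try_create(int fail_call, sDevices **out)
{
    fail_on_call = fail_call;
    call_count = 0;
    return create_device("eth0", out);
}
```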


On 05/18/2012 09:36 AM, Bryan Evenson wrote:
> I have a function that I'm getting a warning on and I'm not sure how to deal with 
> the issue.  Here's a rundown of the function:
>
> static int create_device(const char_t* readLine, sDevices **newDev, int *state)
> {
>       int retVal = RET_SUCCESS;
>       *newDev = malloc(sizeof(sDevices));
>       if(*newDev != NULL)
>       {
>               (*newDev)->data = malloc(sizeof(sPrivateData));
>               if((*newDev)->data == NULL)
>               {
>                       free(*newDev);
>                       retVal = RET_MEM_ERR;
>               }
>       }
>       else
>       {
>               retVal = RET_MEM_ERR;
>       }
>       return retVal;
> }
>
> In summary I have a struct sDevices which in turn has a member sPrivateData* 
> data.  This function allocates memory for newDev and also for newDev->data.  
> If the second memory allocation fails, the whole thing is not useful to me so 
> I deallocate all memory related to newDev.
>
> Here's the contents of my .splintrc file (I started with -weak and I'm slowly 
> adding checks in so I only have a few to worry about at a time):
> +unix-lib
> +enumindex
> +trytorecover
> -onlytrans
> -dependenttrans
> -branchstate
> -mustfreeonly
> -unreachable
> -nullstate
> -unrecog
> -nullpass
> -temptrans
> -mustfreefresh
> -fullinitblock
> -compmempass
> -compdef
> -type
> -globstate
> -D__signed__=signed
>
> With this, I get the following warning from Splint:
> Released storage *newDev reachable from parameter at return point
>    Memory is used after it has been released (either by passing as an only param
>    or assigning to an only global). (Use -usereleased to inhibit warning)
>
> From my understanding, Splint is warning me that *newDev may or may not 
> point to valid memory upon exit of the function.  I know that, and I know 
> that it's the duty of the caller of create_device to verify that the 
> function was successful before attempting to access newDev.  I've tried 
> annotating the newDev parameter in the function declaration as various 
> combinations of /*@out@*/, /*@null@*/ and anything else that seems relevant 
> and nothing has removed the warning (without creating a new one).  If I'm 
> understanding correctly, Splint needs to be told that I know *newDev and 
> *newDev->data may or may not be defined upon exit of the function.  Any 
> pointers on how to do that?
>
> Thanks,
> Bryan
>
> _______________________________________________
> splint-discuss mailing list
> splint-discuss@mail.cs.virginia.edu
> http://www.cs.virginia.edu/mailman/listinfo/splint-discuss