From 57e5c9eea600913173e24ee40c583912e52cfee0 Mon Sep 17 00:00:00 2001 From: Michael Vogt Date: Sat, 28 Mar 2026 12:35:54 +0100 Subject: [PATCH] core: make check-pointer-deref clean Add the needed assert changes to make the code clean for the new check-pointer-deref script. --- meson.build | 1 - src/core/bpf-firewall.c | 2 ++ src/core/cgroup.c | 4 ++++ src/core/emergency-action.c | 2 ++ src/core/job.c | 7 +++++++ src/core/load-fragment.c | 6 ++++++ src/core/manager.c | 2 ++ src/core/mount.c | 2 ++ src/core/path.c | 1 + src/core/scope.c | 2 ++ src/core/smack-setup.c | 3 +++ src/core/socket.c | 2 ++ src/core/swap.c | 2 ++ src/core/timer.c | 1 + src/core/unit.c | 1 + src/core/varlink-execute.c | 3 +++ 16 files changed, 40 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 674c2fef64f..c9e96b25914 100644 --- a/meson.build +++ b/meson.build @@ -2978,7 +2978,6 @@ if spatch.found() # Remove directories from this list as they are cleaned up. coccinelle_exclude = [ 'src/basic/', - 'src/core/', 'src/libsystemd/', 'src/shared/', # libc/ has no assert() or systemd-headers so leave it diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c index b0c54d31347..bc5d7f0351d 100644 --- a/src/core/bpf-firewall.c +++ b/src/core/bpf-firewall.c @@ -661,6 +661,8 @@ static int attach_custom_bpf_progs(Unit *u, const char *path, int attach_type, S int r; assert(u); + assert(set); + assert(set_installed); set_clear(*set_installed); r = set_ensure_allocated(set_installed, &bpf_program_hash_ops); diff --git a/src/core/cgroup.c b/src/core/cgroup.c index 514dabf371b..7bcd6777df2 100644 --- a/src/core/cgroup.c +++ b/src/core/cgroup.c @@ -313,6 +313,8 @@ static int unit_compare_memory_limit(Unit *u, const char *property_name, uint64_ * - ret_kernel_value will contain the actual value presented by the kernel. */ assert(u); + assert(ret_unit_value); + assert(ret_kernel_value); /* The root slice doesn't have any controller files, so we can't compare anything. */ if (unit_has_name(u, SPECIAL_ROOT_SLICE)) @@ -3189,6 +3191,8 @@ static int cg_bpf_mask_supported(CGroupMask *ret) { CGroupMask mask = 0; int r; + assert(ret); + /* BPF-based firewall, device access control, and pinned foreign prog */ if (bpf_program_supported() > 0) mask |= CGROUP_MASK_BPF_FIREWALL | diff --git a/src/core/emergency-action.c b/src/core/emergency-action.c index 439228c8995..b9a5c66ebff 100644 --- a/src/core/emergency-action.c +++ b/src/core/emergency-action.c @@ -240,6 +240,8 @@ int parse_emergency_action( EmergencyAction x; + assert(ret); + x = emergency_action_from_string(value); if (x < 0) return -EINVAL; diff --git a/src/core/job.c b/src/core/job.c index 1cac09bd066..638e6e759e5 100644 --- a/src/core/job.c +++ b/src/core/job.c @@ -510,6 +510,8 @@ JobType job_type_collapse(JobType t, Unit *u) { int job_type_merge_and_collapse(JobType *a, JobType b, Unit *u) { JobType t; + assert(a); + t = job_type_lookup_merge(*a, b); if (t < 0) return -EEXIST; @@ -1523,6 +1525,11 @@ void job_add_to_gc_queue(Job *j) { } static int job_compare_id(Job * const *a, Job * const *b) { + assert(a); + assert(b); + assert(*a); + assert(*b); + return CMP((*a)->id, (*b)->id); } diff --git a/src/core/load-fragment.c b/src/core/load-fragment.c index cef01ab7763..840804fcf8d 100644 --- a/src/core/load-fragment.c +++ b/src/core/load-fragment.c @@ -88,6 +88,8 @@ static int parse_socket_protocol(const char *s) { int parse_crash_chvt(const char *value, int *data) { int b; + assert(data); + if (safe_atoi(value, data) >= 0) return 0; @@ -107,6 +109,8 @@ int parse_confirm_spawn(const char *value, char **console) { char *s; int r; + assert(console); + r = value ? parse_boolean(value) : 1; if (r == 0) { *console = NULL; @@ -565,6 +569,8 @@ static int patch_var_run( const char *e; char *z; + assert(path); + e = path_startswith(*path, "/var/run/"); if (!e) return 0; diff --git a/src/core/manager.c b/src/core/manager.c index e8c5f008958..a5af434e5ef 100644 --- a/src/core/manager.c +++ b/src/core/manager.c @@ -1982,6 +1982,8 @@ Manager* manager_reloading_start(Manager *m) { } void manager_reloading_stopp(Manager **m) { + assert(m); + if (*m) { assert((*m)->n_reloading > 0); (*m)->n_reloading--; diff --git a/src/core/mount.c b/src/core/mount.c index 680e376febf..46e157af206 100644 --- a/src/core/mount.c +++ b/src/core/mount.c @@ -2003,6 +2003,8 @@ static int mount_get_timeout(Unit *u, usec_t *timeout) { usec_t t; int r; + assert(timeout); + if (!m->timer_event_source) return 0; diff --git a/src/core/path.c b/src/core/path.c index 789ef9e25d6..18a5e140f14 100644 --- a/src/core/path.c +++ b/src/core/path.c @@ -931,6 +931,7 @@ static int activation_details_path_deserialize(const char *key, const char *valu assert(key); assert(value); + POINTER_MAY_BE_NULL(details); if (!details || !*details) return -EINVAL; diff --git a/src/core/scope.c b/src/core/scope.c index d36b27c537d..21520d9d194 100644 --- a/src/core/scope.c +++ b/src/core/scope.c @@ -483,6 +483,8 @@ static int scope_get_timeout(Unit *u, usec_t *timeout) { usec_t t; int r; + assert(timeout); + if (!s->timer_event_source) return 0; diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c index 1e8e2b54e53..46c7d0a6e88 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c @@ -26,6 +26,9 @@ static int fdopen_unlocked_at(int dfd, const char *dir, const char *name, int *s int fd, r; FILE *f; + assert(status); + assert(ret_file); + fd = openat(dfd, name, O_RDONLY|O_CLOEXEC); if (fd < 0) { if (*status == 0) diff --git a/src/core/socket.c b/src/core/socket.c index 43f61e456dc..f911f1758fb 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -3525,6 +3525,8 @@ static int socket_get_timeout(Unit *u, usec_t *timeout) { usec_t t; int r; + assert(timeout); + if (!s->timer_event_source) return 0; diff --git a/src/core/swap.c b/src/core/swap.c index 5de1dccf427..960d831c5cc 100644 --- a/src/core/swap.c +++ b/src/core/swap.c @@ -1427,6 +1427,8 @@ static int swap_get_timeout(Unit *u, usec_t *timeout) { usec_t t; int r; + assert(timeout); + if (!s->timer_event_source) return 0; diff --git a/src/core/timer.c b/src/core/timer.c index c591fcd469c..510d8e19957 100644 --- a/src/core/timer.c +++ b/src/core/timer.c @@ -940,6 +940,7 @@ static int activation_details_timer_deserialize(const char *key, const char *val assert(key); assert(value); + POINTER_MAY_BE_NULL(details); if (!details || !*details) return -EINVAL; diff --git a/src/core/unit.c b/src/core/unit.c index 9af7fb51405..41f536ce1f1 100644 --- a/src/core/unit.c +++ b/src/core/unit.c @@ -6377,6 +6377,7 @@ int unit_clean(Unit *u, ExecCleanMask mask) { int unit_can_clean(Unit *u, ExecCleanMask *ret) { assert(u); + assert(ret); if (!UNIT_VTABLE(u)->clean || u->load_state != UNIT_LOADED) { diff --git a/src/core/varlink-execute.c b/src/core/varlink-execute.c index e6efd598959..ccb454c8c24 100644 --- a/src/core/varlink-execute.c +++ b/src/core/varlink-execute.c @@ -781,6 +781,9 @@ static int set_credential_build_json(sd_json_variant **ret, const char *name, vo int unit_exec_context_build_json(sd_json_variant **ret, const char *name, void *userdata) { Unit *u = ASSERT_PTR(userdata); ExecContext *c = unit_get_exec_context(u); + + assert(ret); + if (!c) { *ret = NULL; return 0; -- 2.47.3