How can I pick out "Dubious Null Check" by both the caller and the called function (not what DubiousNullCheck.ql means to)? 

For example, null check for both the argument `pi` and the parameter `p`:

```cpp
#include <stdio.h>

int func(int *p) {
    if (p = NULL) return 0;
    return *p;
}
int main() {
    int i =  9, *pi = &i;
    //if (pi != NULL)
    printf("%d\n", func(pi));
}
```

I've tried to write some ql, as below, but failed to complete it.
What troubles me the most now is: how to connect the parameter with the argument?

```codeql
import cpp

VariableAccess modify(LocalVariable variable) {
    result = variable.getAnAccess() and
    result.isModified()
}

from LocalVariable variable, FunctionCall call
where
  variable.getType() instanceof PointerType
  and exists(call.getTarget().getAParameter())
  and call.getEnclosingFunction() = variable.getFunction()
  and variable.getAnAccess().getLocation().getStartLine() = call.getLocation().getStartLine()
  and not modify(variable).getLocation().getStartLine() = call.getLocation().getStartLine()
  and not (call.getTarget().isMember() and call.getTarget().getDeclaringType() = variable.getType().stripType())
select variable, call
```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How can I pick out "Dubious Null Check" by both the caller and the called function (not what DubiousNullCheck.ql means to)? #13327

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

How can I pick out "Dubious Null Check" by both the caller and the called function (not what DubiousNullCheck.ql means to)? #13327

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions