struct_assignment: fix returns_zeroed_mem() for fake assignments

Dan Carpenter · Dan Carpenter · commit 83ffb38e4f4a · 2022-04-13T14:52:42.000+03:00
If you have a struct within a struct like "foo.bar.baz" then an assignment
gets translated into a series of fake assignments:

	foo.bar = fake assign();

The returns_zeroed_mem() doesn't says "fake assign();" does not return
zeroed mem, but it should instead look at the kzalloc() that is being
faked.

Signed-off-by: Dan Carpenter &lt;dan.carpenter@oracle.com&gt;
diff --git a/smatch_struct_assignment.c b/smatch_struct_assignment.c
@@ -307,10 +307,21 @@ static void __struct_members_copy(int mode, struct expression *faked,
 
 static int returns_zeroed_mem(struct expression *expr)
 {
+	struct expression *tmp;
 	char *fn;
 
 	if (expr->type != EXPR_CALL || expr->fn->type != EXPR_SYMBOL)
 		return 0;
+
+	if (is_fake_call(expr)) {
+		tmp = get_faked_expression();
+		if (!tmp || tmp->type != EXPR_ASSIGNMENT || tmp->op != '=')
+			return 0;
+		expr = tmp->right;
+		if (expr->type != EXPR_CALL || expr->fn->type != EXPR_SYMBOL)
+			return 0;
+	}
+
 	fn = expr_to_var(expr->fn);
 	if (!fn)
 		return 0;
