pci_get_device increments a reference count that should be decremented
using pci_dev_put.
The semantic patch that finds the problem is as follows:
(http://www.emn.fr/x-info/coccinelle/)
// <smpl>
@r exists@
local idexpression x;
statement S,S1;
position p1,p2,p3;
expression E,E1;
type T,T1;
expression *ptr != NULL;
@@
(
if ((x@p1 = pci_get_device(...)) == NULL) S
|
x@p1 = pci_get_device(...);
)
... when != pci_dev_put(...,(T)x,...)
when != if (...) { <+... pci_dev_put(...,(T)x,...) ...+> }
when != true x == NULL || ...
when != x = E
when != E = (T)x
when any
(
if (x == NULL || ...) S1
|
if@p2 (...) {
... when != pci_dev_put(...,(T1)x,...)
when != if (...) { <+... pci_dev_put(...,(T1)x,...) ...+> }
when != x = E1
when != E1 = (T1)x
(
return \(0\|<+...x...+>\|ptr\);
|
return@p3 ...;
)
}
)