From 44d1a9787045c421d005ce34804489b44a57994c Mon Sep 17 00:00:00 2001
From: Michal Nowak <mnowak@isc.org>
Date: Mon, 20 Oct 2025 17:36:36 +0200
Subject: [PATCH 1/4] Fail when spatch can't process source code

Sometimes spatch fails to process the source code:

    EXN: Failure("replacement: node 80: {7[1,2,30,31,32] in isc__nm_base64_to_base64url reachable by inconsistent control-flow paths") in ./lib/isc/netmgr/http.c
---
 util/check-cocci.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util/check-cocci.sh b/util/check-cocci.sh
index 5dd382c6ad..09783ea9af 100755
--- a/util/check-cocci.sh
+++ b/util/check-cocci.sh
@@ -23,7 +23,7 @@ run_spatch() {
   echo "Applying semantic patch $spatch..."
   spatch --jobs "${TEST_PARALLEL_JOBS:-1}" --sp-file "$spatch" --use-gitgrep --dir "." --include-headers $spatchargs >>"$patch" 2>cocci.stderr
   cat cocci.stderr
-  if grep -q -e "parse error" cocci.stderr; then
+  if grep -q -e "parse error" -e "EXN: Failure" cocci.stderr; then
     ret=1
   fi
   if [ "$(wc <"$patch" -l)" -gt "0" ]; then

From 6db5b9ee14e9968155e59c1a70a2ccc452516b36 Mon Sep 17 00:00:00 2001
From: Michal Nowak <mnowak@isc.org>
Date: Mon, 20 Oct 2025 17:58:37 +0200
Subject: [PATCH 2/4] Spawn coccinelle CI job when util/check-cocci.sh was
 touched

---
 .gitlab-ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d1e7c3f14b..4d34fd96f2 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -697,6 +697,7 @@ coccinelle:
         - '**/*.c'
         - '**/*.h'
         - 'cocci/**'
+        - 'util/check-cocci.sh'
     - *rule_mr_manual
     - *rule_tag
     - *rule_source_other_than_mr

From d91e8ed57500a48b86fee9cd12b1964f639e63b5 Mon Sep 17 00:00:00 2001
From: Michal Nowak <mnowak@isc.org>
Date: Tue, 21 Oct 2025 11:00:36 +0200
Subject: [PATCH 3/4] Use SET_IF_NOT_NULL in isc__nm_base64*

---
 lib/isc/netmgr/http.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/lib/isc/netmgr/http.c b/lib/isc/netmgr/http.c
index 814deaf371..645f256059 100644
--- a/lib/isc/netmgr/http.c
+++ b/lib/isc/netmgr/http.c
@@ -3539,9 +3539,7 @@ isc__nm_base64url_to_base64(isc_mem_t *mem, const char *base64url,
 
 	INSIST(i == len);
 
-	if (res_len != NULL) {
-		*res_len = len;
-	}
+	SET_IF_NOT_NULL(res_len, len);
 
 	res[len] = '\0';
 
@@ -3592,9 +3590,7 @@ isc__nm_base64_to_base64url(isc_mem_t *mem, const char *base64,
 		}
 	}
 end:
-	if (res_len) {
-		*res_len = i;
-	}
+	SET_IF_NOT_NULL(res_len, i);
 
 	res[i] = '\0';
 

From 9279806b9e3be8034219214f11cf03a2f1457414 Mon Sep 17 00:00:00 2001
From: Michal Nowak <mnowak@isc.org>
Date: Tue, 21 Oct 2025 11:34:54 +0200
Subject: [PATCH 4/4] Use DNS_SIGTYPEPAIR instead of DNS_SIGTYPE

After 74fe3db37c65e997b82b81e5685b65cf19818646, there's no such thing as
DNS_SIGTYPE.
---
 cocci/DNS_TYPEPAIR_VALUE.spatch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cocci/DNS_TYPEPAIR_VALUE.spatch b/cocci/DNS_TYPEPAIR_VALUE.spatch
index fe75b36926..34f5230300 100644
--- a/cocci/DNS_TYPEPAIR_VALUE.spatch
+++ b/cocci/DNS_TYPEPAIR_VALUE.spatch
@@ -2,5 +2,5 @@
 expression e;
 @@
 -DNS_TYPEPAIR_VALUE(dns_rdatatype_rrsig,
-+DNS_SIGTYPE(
++DNS_SIGTYPEPAIR(
              e)