use_after_iter.cocci (4008B)
1// SPDX-License-Identifier: GPL-2.0-only 2/// If list_for_each_entry, etc complete a traversal of the list, the iterator 3/// variable ends up pointing to an address at an offset from the list head, 4/// and not a meaningful structure. Thus this value should not be used after 5/// the end of the iterator. 6//#False positives arise when there is a goto in the iterator and the 7//#reported reference is at the label of this goto. Some flag tests 8//#may also cause a report to be a false positive. 9/// 10// Confidence: Moderate 11// Copyright: (C) 2012 Julia Lawall, INRIA/LIP6. 12// Copyright: (C) 2012 Gilles Muller, INRIA/LIP6. 13// URL: http://coccinelle.lip6.fr/ 14// Comments: 15// Options: --no-includes --include-headers 16 17virtual context 18virtual org 19virtual report 20 21@r exists@ 22identifier c,member; 23expression E,x; 24iterator name list_for_each_entry; 25iterator name list_for_each_entry_reverse; 26iterator name list_for_each_entry_continue; 27iterator name list_for_each_entry_continue_reverse; 28iterator name list_for_each_entry_from; 29iterator name list_for_each_entry_safe; 30iterator name list_for_each_entry_safe_continue; 31iterator name list_for_each_entry_safe_from; 32iterator name list_for_each_entry_safe_reverse; 33iterator name hlist_for_each_entry; 34iterator name hlist_for_each_entry_continue; 35iterator name hlist_for_each_entry_from; 36iterator name hlist_for_each_entry_safe; 37statement S; 38position p1,p2; 39type T; 40@@ 41 42( 43list_for_each_entry@p1(c,...,member) { ... when != break; 44 when forall 45 when strict 46} 47| 48list_for_each_entry_reverse@p1(c,...,member) { ... when != break; 49 when forall 50 when strict 51} 52| 53list_for_each_entry_continue@p1(c,...,member) { ... when != break; 54 when forall 55 when strict 56} 57| 58list_for_each_entry_continue_reverse@p1(c,...,member) { ... when != break; 59 when forall 60 when strict 61} 62| 63list_for_each_entry_from@p1(c,...,member) { ... when != break; 64 when forall 65 when strict 66} 67| 68list_for_each_entry_safe@p1(c,...,member) { ... when != break; 69 when forall 70 when strict 71} 72| 73list_for_each_entry_safe_continue@p1(c,...,member) { ... when != break; 74 when forall 75 when strict 76} 77| 78list_for_each_entry_safe_from@p1(c,...,member) { ... when != break; 79 when forall 80 when strict 81} 82| 83list_for_each_entry_safe_reverse@p1(c,...,member) { ... when != break; 84 when forall 85 when strict 86} 87) 88... 89( 90list_for_each_entry(c,...) S 91| 92list_for_each_entry_reverse(c,...) S 93| 94list_for_each_entry_continue(c,...) S 95| 96list_for_each_entry_continue_reverse(c,...) S 97| 98list_for_each_entry_from(c,...) S 99| 100list_for_each_entry_safe(c,...) S 101| 102list_for_each_entry_safe(x,c,...) S 103| 104list_for_each_entry_safe_continue(c,...) S 105| 106list_for_each_entry_safe_continue(x,c,...) S 107| 108list_for_each_entry_safe_from(c,...) S 109| 110list_for_each_entry_safe_from(x,c,...) S 111| 112list_for_each_entry_safe_reverse(c,...) S 113| 114list_for_each_entry_safe_reverse(x,c,...) S 115| 116hlist_for_each_entry(c,...) S 117| 118hlist_for_each_entry_continue(c,...) S 119| 120hlist_for_each_entry_from(c,...) S 121| 122hlist_for_each_entry_safe(c,...) S 123| 124list_remove_head(x,c,...) 125| 126list_entry_is_head(c,...) 127| 128sizeof(<+...c...+>) 129| 130 &c->member 131| 132T c; 133| 134c = E 135| 136*c@p2 137) 138 139@script:python depends on org@ 140p1 << r.p1; 141p2 << r.p2; 142@@ 143 144cocci.print_main("invalid iterator index reference",p2) 145cocci.print_secs("iterator",p1) 146 147@script:python depends on report@ 148p1 << r.p1; 149p2 << r.p2; 150@@ 151 152msg = "ERROR: invalid reference to the index variable of the iterator on line %s" % (p1[0].line) 153coccilib.report.print_report(p2[0], msg)