use_after_iter.cocci 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148
  1. /// If list_for_each_entry, etc complete a traversal of the list, the iterator
  2. /// variable ends up pointing to an address at an offset from the list head,
  3. /// and not a meaningful structure. Thus this value should not be used after
  4. /// the end of the iterator.
  5. //#False positives arise when there is a goto in the iterator and the
  6. //#reported reference is at the label of this goto. Some flag tests
  7. //#may also cause a report to be a false positive.
  8. ///
  9. // Confidence: Moderate
  10. // Copyright: (C) 2012 Julia Lawall, INRIA/LIP6. GPLv2.
  11. // Copyright: (C) 2012 Gilles Muller, INRIA/LIP6. GPLv2.
  12. // URL: http://coccinelle.lip6.fr/
  13. // Comments:
  14. // Options: --no-includes --include-headers
  15. virtual context
  16. virtual org
  17. virtual report
  18. @r exists@
  19. identifier c,member;
  20. expression E,x;
  21. iterator name list_for_each_entry;
  22. iterator name list_for_each_entry_reverse;
  23. iterator name list_for_each_entry_continue;
  24. iterator name list_for_each_entry_continue_reverse;
  25. iterator name list_for_each_entry_from;
  26. iterator name list_for_each_entry_safe;
  27. iterator name list_for_each_entry_safe_continue;
  28. iterator name list_for_each_entry_safe_from;
  29. iterator name list_for_each_entry_safe_reverse;
  30. iterator name hlist_for_each_entry;
  31. iterator name hlist_for_each_entry_continue;
  32. iterator name hlist_for_each_entry_from;
  33. iterator name hlist_for_each_entry_safe;
  34. statement S;
  35. position p1,p2;
  36. @@
  37. (
  38. list_for_each_entry@p1(c,...,member) { ... when != break;
  39. when forall
  40. when strict
  41. }
  42. |
  43. list_for_each_entry_reverse@p1(c,...,member) { ... when != break;
  44. when forall
  45. when strict
  46. }
  47. |
  48. list_for_each_entry_continue@p1(c,...,member) { ... when != break;
  49. when forall
  50. when strict
  51. }
  52. |
  53. list_for_each_entry_continue_reverse@p1(c,...,member) { ... when != break;
  54. when forall
  55. when strict
  56. }
  57. |
  58. list_for_each_entry_from@p1(c,...,member) { ... when != break;
  59. when forall
  60. when strict
  61. }
  62. |
  63. list_for_each_entry_safe@p1(c,...,member) { ... when != break;
  64. when forall
  65. when strict
  66. }
  67. |
  68. list_for_each_entry_safe_continue@p1(c,...,member) { ... when != break;
  69. when forall
  70. when strict
  71. }
  72. |
  73. list_for_each_entry_safe_from@p1(c,...,member) { ... when != break;
  74. when forall
  75. when strict
  76. }
  77. |
  78. list_for_each_entry_safe_reverse@p1(c,...,member) { ... when != break;
  79. when forall
  80. when strict
  81. }
  82. )
  83. ...
  84. (
  85. list_for_each_entry(c,...) S
  86. |
  87. list_for_each_entry_reverse(c,...) S
  88. |
  89. list_for_each_entry_continue(c,...) S
  90. |
  91. list_for_each_entry_continue_reverse(c,...) S
  92. |
  93. list_for_each_entry_from(c,...) S
  94. |
  95. list_for_each_entry_safe(c,...) S
  96. |
  97. list_for_each_entry_safe(x,c,...) S
  98. |
  99. list_for_each_entry_safe_continue(c,...) S
  100. |
  101. list_for_each_entry_safe_continue(x,c,...) S
  102. |
  103. list_for_each_entry_safe_from(c,...) S
  104. |
  105. list_for_each_entry_safe_from(x,c,...) S
  106. |
  107. list_for_each_entry_safe_reverse(c,...) S
  108. |
  109. list_for_each_entry_safe_reverse(x,c,...) S
  110. |
  111. hlist_for_each_entry(c,...) S
  112. |
  113. hlist_for_each_entry_continue(c,...) S
  114. |
  115. hlist_for_each_entry_from(c,...) S
  116. |
  117. hlist_for_each_entry_safe(c,...) S
  118. |
  119. list_remove_head(x,c,...)
  120. |
  121. sizeof(<+...c...+>)
  122. |
  123. &c->member
  124. |
  125. c = E
  126. |
  127. *c@p2
  128. )
  129. @script:python depends on org@
  130. p1 << r.p1;
  131. p2 << r.p2;
  132. @@
  133. cocci.print_main("invalid iterator index reference",p2)
  134. cocci.print_secs("iterator",p1)
  135. @script:python depends on report@
  136. p1 << r.p1;
  137. p2 << r.p2;
  138. @@
  139. msg = "ERROR: invalid reference to the index variable of the iterator on line %s" % (p1[0].line)
  140. coccilib.report.print_report(p2[0], msg)