1 // SPDX-License-Identifier: GPL-2.0-only
2 /// Find a use after free.
3 //# Values of variables may imply that some
4 //# execution paths are not possible, resulting in false positives.
5 //# Another source of false positives are macros such as
6 //# SCTP_DBG_OBJCNT_DEC that do not actually evaluate their argument
8 // Confidence: Moderate
9 // Copyright: (C) 2010-2012 Nicolas Palix.
10 // Copyright: (C) 2010-2012 Julia Lawall, INRIA/LIP6.
11 // Copyright: (C) 2010-2012 Gilles Muller, INRIA/LiP6.
12 // URL: https://coccinelle.gitlabpages.inria.fr/website
14 // Options: --no-includes --include-headers
39 f(...,c,...,(T)E@p,...)
79 expression free.E, subE<=free.E, E2;
83 position free.p1!=loop.ok,p2!={print.p,sz.p};
89 kfree_sensitive@p1(E,...)
93 iter(...,subE,...) S // no use
95 list_remove_head(E1,subE,...)
115 return_ACPI_STATUS(...)
120 @script:python depends on org@
125 cocci.print_main("kfree",p1)
126 cocci.print_secs("ref",p2)
128 @script:python depends on report@
133 msg = "ERROR: reference preceded by free on line %s" % (p1[0].line)
134 coccilib.report.print_report(p2[0],msg)