From: Markus Elfring <Markus.Elfring@web.de>
To: Edgar Khachatryan <khachatryan.edgar@student.rau.am>
Cc: cocci@inria.fr, Ella Ma <xutong.ma@inria.fr>
Subject: Re: [cocci] Detecting Use-After-Free …
Date: Tue, 18 Mar 2025 14:45:29 +0100
Message-ID: <c375800d-0f89-4e95-87b9-0e35dc208913@web.de>
In-Reply-To: <CAN1=rvJBSpCq35PY-tTFomZ17wNBRN=bNV4vwKTV-TgYe38FdQ@mail.gmail.com>
> I have found and tried to use the kfree.cocci semantic patch provided for the Linux kernel. However, when I run the command:
> spatch --sp-file kfree.cocci file.c
>
> Although I am certain that file.c contains a very simple use-after-free example, Coccinelle reports the following message:
> No rules apply. Perhaps your semantic patch doesn't contain any +/-/* code, or you have a failed dependency. If the problem is not clear, try --debug-parse-cocci or check whether any virtual rules (e.g., report) should be defined.
>
> I also tried running it with --debug-parse-cocci, but I am still unsure how to proceed.

Please take another look at corresponding implementation details
and available software documentation.
* https://elixir.bootlin.com/linux/v6.14-rc6/source/scripts/coccinelle/free/kfree.cocci#L16-L17
* https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/dev-tools/coccinelle.rst?h=v6.14-rc7#n71

See also:
[PATCH next] firmware: thead,th1520-aon: Fix use after free in th1520_aon_init()
https://lore.kernel.org/all/f19be994-d355-48a6-ab45-d0f7e5955daf@stanley.mountain/
https://lkml.org/lkml/2025/3/15/159

Another concrete test case:
Markus_Elfring@Sonne:…/Projekte/Linux/next-analyses> git checkout next-20250318 && time spatch --no-loops -D report scripts/coccinelle/free/kfree.cocci drivers/firmware/thead,th1520-aon.c
…
drivers/firmware/thead,th1520-aon.c:221:18-26: ERROR: reference preceded by free on line 220
real 0m0,747s
user 0m0,347s
sys 0m0,055s

Regards,
Markus
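
The "No rules apply" message quoted above points at virtual rules, and the run shown in the reply passes -D report. As an added example (not from this thread or from the Coccinelle project), the following shell script lists the virtual rules a semantic patch declares and builds the matching spatch call. The helper names, the handling of a comma-separated "virtual a, b" form and the embedded sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; cocci_virtual_modes and spatch_cmd are hypothetical helpers.

# Print one declared virtual rule name per line.
# Accepts "virtual a" and, as an assumption, "virtual a, b".
cocci_virtual_modes() {
    awk '/^virtual[ \t]/ {
        sub(/^virtual[ \t]+/, ""); sub(/[ \t]*\/\/.*$/, ""); sub(/[ \t\r]+$/, "")
        n = split($0, names, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) if (names[i] != "") print names[i]
    }' "$1"
}

# usage: spatch_cmd FILE.cocci MODE TARGET.c
# Prints the command line; fails when MODE is not declared in FILE.cocci.
spatch_cmd() {
    modes=$(cocci_virtual_modes "$1")
    if [ -z "$modes" ]; then            # no virtual rules: nothing to define
        echo "spatch --sp-file $1 $3"; return 0
    fi
    for m in $modes; do
        if [ "$m" = "$2" ]; then
            echo "spatch -D $2 --sp-file $1 $3"; return 0
        fi
    done
    echo "mode '$2' not declared in $1; declared: $(echo $modes)" >&2
    return 1
}

# Constructed sample (not the kernel's kfree.cocci): header plus one rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
virtual org
virtual report

@free@
expression E;
position p1;
@@
kfree@p1(E)
EOF

cocci_virtual_modes "$sample"               # lists the declared modes
spatch_cmd "$sample" report file.c          # command with -D report
spatch_cmd "$sample" patch file.c || true   # rejected: patch is not declared
```
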