From: Deveshi Dwivedi <deveshigurgaon@gmail.com>
To: git@vger.kernel.org
Cc: peff@peff.net, gitster@pobox.com,
Deveshi Dwivedi <deveshigurgaon@gmail.com>
Subject: [PATCH 1/2] coccinelle: detect struct strbuf passed by value
Date: Sun, 15 Mar 2026 09:44:43 +0000
Message-ID: <20260315094445.19849-2-deveshigurgaon@gmail.com>
In-Reply-To: <20260315094445.19849-1-deveshigurgaon@gmail.com>

Passing a struct strbuf by value to a function copies the struct
but shares the underlying character array between caller and callee.
If the callee causes a reallocation, the caller's copy becomes a
dangling pointer, leading to a double-free when strbuf_release() is
called. There is no coccinelle rule to catch this pattern.

Jeff King suggested adding one during review of the
write_worktree_linking_files() fix [1], and noted that a reporting
rule using coccinelle's Python scripting extensions could emit a
descriptive warning, but we do not currently require Python support
in coccinelle.

Add a transformation rule that rewrites a by-value strbuf parameter
to a pointer. The detection is identical to what a Python-based
reporting rule would catch; only the presentation differs. The
resulting diff will not produce compilable code on its own (callers
and the function body still need updating), but the spatch output
alerts the developer that the signature needs attention. This is
consistent with the other rules in strbuf.cocci, which also rewrite
to the preferred form.

[1] https://lore.kernel.org/git/20260309192600.GC309867@coredump.intra.peff.net/

Signed-off-by: Deveshi Dwivedi <deveshigurgaon@gmail.com>
---
contrib/coccinelle/strbuf.cocci | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/contrib/coccinelle/strbuf.cocci b/contrib/coccinelle/strbuf.cocci
index 5f06105df6..83bd93be5f 100644
--- a/contrib/coccinelle/strbuf.cocci
+++ b/contrib/coccinelle/strbuf.cocci
@@ -60,3 +60,14 @@ expression E1, E2;
@@
- strbuf_addstr(E1, real_path(E2));
+ strbuf_add_real_path(E1, E2);
+
+@@
+identifier fn, param;
+@@
+ fn(...,
+- struct strbuf param
++ struct strbuf *param
+ ,...)
+ {
+ ...
+ }
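Review bot: The new rule at the end of strbuf.cocci carries no comment saying that its rewrite is deliberately incomplete. It changes only the parameter to `struct strbuf *param` and leaves the `...` body and every caller untouched, so a developer who applies the generated patch as-is, the way the `strbuf_add_real_path` rule just above can be applied, ends up with code that does not build. Please add a comment above the rule's opening `@@` stating that it is a detector for by-value strbuf parameters and that the function body and callers must be converted by hand.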
--
2.52.0.230.gd8af7cadaa
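
The hazard the commit message describes, as an added example that is not part of the patch or of git's code. `struct sbuf` and `sbuf_add()` are hypothetical stand-ins for strbuf, and the sample strings are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct strbuf (not git's implementation). */
struct sbuf { size_t alloc, len; char *buf; };

static void sbuf_add(struct sbuf *sb, const char *s)
{
	size_t n = strlen(s);
	if (sb->len + n + 1 > sb->alloc) {
		sb->alloc = (sb->len + n + 1) * 2;
		sb->buf = realloc(sb->buf, sb->alloc); /* may move the array */
		if (!sb->buf) abort();
	}
	memcpy(sb->buf + sb->len, s, n + 1);
	sb->len += n;
}

/* The flagged pattern: the callee grows a private copy of the struct. */
static struct sbuf add_by_value(struct sbuf sb, const char *s)
{
	sbuf_add(&sb, s);
	return sb; /* returned only so the demo frees the live array once */
}

/* Returns 1 when the caller's bookkeeping is stale after the call. */
static int by_value_leaves_caller_stale(void)
{
	struct sbuf caller = { 0, 0, NULL };
	sbuf_add(&caller, "a");
	struct sbuf live = add_by_value(caller, "refs/heads/main");
	/* caller.buf may now dangle; only len and alloc are inspected. */
	int stale = caller.len == 1 && caller.alloc == 4 && live.len == 16;
	free(live.buf); /* releasing both copies would be the double-free */
	return stale;
}

/* Pointer form: the caller sees the growth and owns the only copy. */
static size_t by_pointer_caller_len(void)
{
	struct sbuf caller = { 0, 0, NULL };
	sbuf_add(&caller, "a");
	sbuf_add(&caller, "refs/heads/main");
	size_t len = caller.len;
	free(caller.buf);
	return len;
}

int main(void) { printf("%d %zu\n", by_value_leaves_caller_stale(), by_pointer_caller_len()); return 0; }
```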