From 65fec23b577d09122865d239ce454d7946691c2a Mon Sep 17 00:00:00 2001 From: Deveshi Dwivedi Date: Sun, 15 Mar 2026 09:44:43 +0000 Subject: [PATCH] coccinelle: detect struct strbuf passed by value Passing a struct strbuf by value to a function copies the struct but shares the underlying character array between caller and callee. If the callee causes a reallocation, the caller's copy becomes a dangling pointer, leading to a double-free when strbuf_release() is called. There is no coccinelle rule to catch this pattern. Jeff King suggested adding one during review of the write_worktree_linking_files() fix [1], and noted that a reporting rule using coccinelle's Python scripting extensions could emit a descriptive warning, but we do not currently require Python support in coccinelle. Add a transformation rule that rewrites a by-value strbuf parameter to a pointer. The detection is identical to what a Python-based reporting rule would catch; only the presentation differs. The resulting diff will not produce compilable code on its own (callers and the function body still need updating), but the spatch output alerts the developer that the signature needs attention. This is consistent with the other rules in strbuf.cocci, which also rewrite to the preferred form. [1] https://lore.kernel.org/git/20260309192600.GC309867@coredump.intra.peff.net/ Signed-off-by: Deveshi Dwivedi Signed-off-by: Junio C Hamano --- contrib/coccinelle/strbuf.cocci | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contrib/coccinelle/strbuf.cocci b/contrib/coccinelle/strbuf.cocci index 5f06105df6..83bd93be5f 100644 --- a/contrib/coccinelle/strbuf.cocci +++ b/contrib/coccinelle/strbuf.cocci @@ -60,3 +60,14 @@ expression E1, E2; @@ - strbuf_addstr(E1, real_path(E2)); + strbuf_add_real_path(E1, E2); + +@@ +identifier fn, param; +@@ + fn(..., +- struct strbuf param ++ struct strbuf *param + ,...) + { + ... + }