[Bugs] [Bug 1714851] issues with 'list.h' elements in clang-scan

bugzilla at redhat.com bugzilla at redhat.com
Mon Jun 3 07:57:57 UTC 2019


Xavi Hernandez <jahernan at redhat.com> changed:

           What    |Removed                     |Added
                 CC|                            |jahernan at redhat.com

--- Comment #1 from Xavi Hernandez <jahernan at redhat.com> ---
I'm not sure we really have an issue in list_for_each_entry_safe(). Even if the
list is empty and list_first_entry() is used (which is true that it returns a
bad pointer when list is empty), what we get is a pointer to an invalid
structure. That's true. However, the macro only dereferences the 'list' field,
which is guaranteed to be valid, even if the list is empty, and in this case it
will exit the loop, so no unsafe pointers will be passed to the body of the

Additionally, clang-scan complains about the entry pointer being NULL inside
the loop. The only case where this can happen is when the list is not
initialized with INIT_LIST_HEAD() and the memory is cleared with 0's. However
clang-scan doesn't provide a trace path from allocation to
list_for_each_entry_safe() call where this can be proved. So my guess is that
clang-scan assumes that any value is possible for a given pointer passed as an
argument. In that case many false-positives will appear, since it's assuming
something that is not true most of the cases.

You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.

More information about the Bugs mailing list