Pull request #5017: build: address compilation warnings

author Volodymyr Shpyrka -X (vshpyrka - SOFTSERVE INC at Cisco) <vshpyrka@cisco.com>

Mon, 1 Dec 2025 14:40:11 +0000 (14:40 +0000)

committer Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>

Mon, 1 Dec 2025 14:40:11 +0000 (14:40 +0000)
author Volodymyr Shpyrka -X (vshpyrka - SOFTSERVE INC at Cisco) <vshpyrka@cisco.com>
Mon, 1 Dec 2025 14:40:11 +0000 (14:40 +0000)
committer Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Mon, 1 Dec 2025 14:40:11 +0000 (14:40 +0000)
diff --git a/src/detection/detection_continuation.h b/src/detection/detection_continuation.h

index d64775fa36f390fbe5ee8456513b7d362220a089..744504e0f3af26247bf0f1ec6ffc950d18e843e8 100644 (file)
--- a/src/detection/detection_continuation.h
+++ b/src/detection/detection_continuation.h
@@ -180,6 +180,7 @@ void Continuation::eval(snort::Packet& p)
  
      while (i != &states)
      {
+        // coverity[use_after_free:FALSE]
          auto st = i;
          bool r = (**st).eval(p);
          i = st->get_next();
diff --git a/src/helpers/ring.h b/src/helpers/ring.h

index 57f18d6b67ba387a4a5a3eaa3a891a34016e4ef2..0b1fa3f2eaf2a33084b3410de440fdd4bbbe27b2 100644 (file)
--- a/src/helpers/ring.h
+++ b/src/helpers/ring.h
@@ -41,7 +41,7 @@ public:
      bool push();
  
      T get(T);
-    bool put(T);
+    bool put(const T&);
  
      T* grab_store(int& ix);
  
@@ -104,7 +104,7 @@ T Ring<T>::get(T v)
  }
  
  template <typename T>
-bool Ring<T>::put(T v)
+bool Ring<T>::put(const T& v)
  {
      T* p = write();
      if ( !p )
diff --git a/src/network_inspectors/appid/service_plugins/service_ftp.cc b/src/network_inspectors/appid/service_plugins/service_ftp.cc

index bd34492d4f55e60abe28f9ef8995e19e7fc4c622..79668cff07d001779eee767223767617a8be3270 100644 (file)
--- a/src/network_inspectors/appid/service_plugins/service_ftp.cc
+++ b/src/network_inspectors/appid/service_plugins/service_ftp.cc
@@ -797,7 +797,7 @@ static int ftp_validate_port(const uint8_t* data, uint16_t size, SfIp* address,
      uint32_t addr;
      uint32_t addr2;
  
-    memset(address,0,sizeof(*address));
+    address->clear();
      *port = 0;
  
      end = data + size;
@@ -864,7 +864,7 @@ static int ftp_validate_eprt(const uint8_t* data, uint16_t size, SfIp* address,
      uint32_t tmp;
      char tmp_str[INET6_ADDRSTRLEN+1];
  
-    memset(address, 0, sizeof(*address));
+    address->clear();
      *port = 0;
  
      end = data + size;
diff --git a/src/network_inspectors/port_scan/ps_detect.cc b/src/network_inspectors/port_scan/ps_detect.cc

index ed552c41e95343b8eb18b6f3753b318ca2a690f8..6992073245a2a1bccce4d1b01cab6507fb75d73d 100644 (file)
--- a/src/network_inspectors/port_scan/ps_detect.cc
+++ b/src/network_inspectors/port_scan/ps_detect.cc
@@ -320,7 +320,7 @@ static PS_TRACKER* ps_tracker_get(PS_HASH_KEY* key)
  
  
      if ( ht )
-        memset(ht, 0x00, sizeof(PS_TRACKER));
+        *ht = {};
  
      return ht;
  }
@@ -453,7 +453,7 @@ void PortScan::ps_proto_update_window(unsigned interval, PS_PROTO* proto, time_t
  {
      if (pkt_time > proto->window)
      {
-        memset(proto, 0x00, sizeof(PS_PROTO));
+        *proto = {};
  
          proto->window = pkt_time + interval;
      }
diff --git a/src/service_inspectors/ftp_telnet/ftpp_si.cc b/src/service_inspectors/ftp_telnet/ftpp_si.cc

index 4fe3e645deee3afd4b122c360a0ee789546c0a1b..75e2670c33202342708a7783da8ffaf3fe367e11 100644 (file)
--- a/src/service_inspectors/ftp_telnet/ftpp_si.cc
+++ b/src/service_inspectors/ftp_telnet/ftpp_si.cc
@@ -415,7 +415,7 @@ static inline int FTPResetsession(FTP_SESSION* Ftpsession)
  
  FtpFlowData::FtpFlowData() : FlowData(inspector_id)
  {
-    memset(&session, 0, sizeof(session));
+    session = {};
      ftstats.concurrent_sessions++;
      if(ftstats.max_concurrent_sessions < ftstats.concurrent_sessions)
          ftstats.max_concurrent_sessions = ftstats.concurrent_sessions;
diff --git a/src/sfip/sf_ip.h b/src/sfip/sf_ip.h

index 74431d5a39ba51cc8040aba6a1306b86807636b6..443ec769550b925dbc039a3be0e2199ec7c519f6 100644 (file)
--- a/src/sfip/sf_ip.h
+++ b/src/sfip/sf_ip.h
@@ -124,7 +124,7 @@ private:
          uint32_t ip32[4];
          uint64_t ip64[2];
      };
-    int16_t family;
+    int16_t family = AF_UNSPEC;
  } __attribute__((__packed__));
  
  
@@ -134,7 +134,7 @@ private:
  
  inline void SfIp::clear()
  {
-    family = 0;
+    family = AF_UNSPEC;
      ip32[0] = ip32[1] = ip32[2] = ip32[3] = 0;
  }
  
diff --git a/src/utils/util.cc b/src/utils/util.cc

index 8568b42b8cdfc21c5a3985be62f24434286f91ee..2494b1546436d7cf28e7de2e4d2111c1bb7d3ddf 100644 (file)
--- a/src/utils/util.cc
+++ b/src/utils/util.cc
@@ -302,6 +302,7 @@ bool rotate_file_for_max_size(const char* file_owner, const char* old_file,
      SnortSnprintf(rotate_file, PATH_MAX, "%s_" STDu64,  old_file, (uint64_t)ts);
  
      // If the rotate file doesn't exist, just rename the old one to the new one
+    // coverity[fs_check_call]
      if (stat(rotate_file, &fstats) != 0)
      {
          if (rename(old_file, rotate_file) != 0)
@@ -332,6 +333,7 @@ bool rotate_file_for_max_size(const char* file_owner, const char* old_file,
                  SnortSnprintf(rotate_file_with_index, PATH_MAX, "%s.%02d",
                      rotate_file, rotate_index);
              }
+            // coverity[fs_check_call]
              while (stat(rotate_file_with_index, &fstats) == 0);
  
              // Subtract one to append to last existing file
@@ -474,4 +476,3 @@ TEST_CASE("uint8_to_printable_str end with |", "[util]")
      CHECK((strcmp(print_str.c_str(),"a|00 |") == 0));
  }
  #endif
-
diff --git a/src/utils/util_cstring.cc b/src/utils/util_cstring.cc

index 5b8965f8f7432e72597a7e99c7da2709ab19a10d..32623e40e30553ee89beedf01e584e5395686672 100644 (file)
--- a/src/utils/util_cstring.cc
+++ b/src/utils/util_cstring.cc
@@ -310,11 +310,11 @@ int sfsnprintfappend(char* dest, int dsize, const char* format, ...)
      int currLen, appendLen;
      va_list ap;
  
-    if (!dest || dsize == 0)
+    if (!dest || dsize <= 0)
          return -1;
  
      currLen = SnortStrnlen(dest, dsize);
-    if (currLen == -1)
+    if (currLen < 0 || currLen >= dsize)
          return -1;
  
      va_start(ap, format);
@@ -323,8 +323,9 @@ int sfsnprintfappend(char* dest, int dsize, const char* format, ...)
  
      dest[dsize-1]=0; /* guarantee a null termination */
  
-    if (appendLen >= (dsize - currLen))
-        appendLen = dsize - currLen - 1;
+    int remaining = dsize - currLen;
+    if (appendLen >= remaining)
+        appendLen = (remaining > 0) ? remaining - 1 : 0;
      else if (appendLen < 0)
          appendLen = 0;
  
@@ -349,4 +350,3 @@ int safe_snprintf(char* s, size_t n, const char* format, ... )
  }
  
  }
-
author	Volodymyr Shpyrka -X (vshpyrka - SOFTSERVE INC at Cisco) <vshpyrka@cisco.com>
	Mon, 1 Dec 2025 14:40:11 +0000 (14:40 +0000)
committer	Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
	Mon, 1 Dec 2025 14:40:11 +0000 (14:40 +0000)
src/detection/detection_continuation.h		patch \| blob \| blame \| history
src/helpers/ring.h		patch \| blob \| blame \| history
src/network_inspectors/appid/service_plugins/service_ftp.cc		patch \| blob \| blame \| history
src/network_inspectors/port_scan/ps_detect.cc		patch \| blob \| blame \| history
src/service_inspectors/ftp_telnet/ftpp_si.cc		patch \| blob \| blame \| history
src/sfip/sf_ip.h		patch \| blob \| blame \| history
src/utils/util.cc		patch \| blob \| blame \| history
src/utils/util_cstring.cc		patch \| blob \| blame \| history