// alert_luajit.cc author Russ Combs <rucombs@cisco.com>
#include <assert.h>
-#include <vector>
+#include <vector> // FIXIT-A Returning null reference (somewhere below)
#include <lua.hpp>
#include "main/snort_types.h"
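Review bot: The FIXIT-A hung on the `#include <vector>` line describes a "Returning null reference" finding that is "somewhere below", so the marker sits on a line nobody will revisit when the real code is fixed; the `#include "base_tracker.h"` and `detection_options.h` includes in the next file get the same treatment. Put the marker on the statement the analyzer actually reports and keep the include bare, `#include <vector>`. If the report cannot be pinned to a line, record the diagnostic text in the file header comment instead of on an include.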
ServiceMatch** tmp;
smOrderedListSize *= 2;
assert(smOrderedListSize > 0);
- // FIXIT-A - Even with the assert() on the previous line, the clang
- // static analyser version 3.4.2 throws a false positive
- // realloc() zero size error, More recent clang versions
- // do NOT find an error.
+
tmp = (ServiceMatch**)realloc(smOrderedList,
smOrderedListSize * sizeof(*smOrderedList));
+
if (!tmp)
{
ErrorMessage("Realloc failure %u\n",smOrderedListSize);
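Review bot: The `assert(smOrderedListSize > 0)` above the realloc is compiled out of release builds, so nothing at runtime stops `smOrderedListSize *= 2` from wrapping to 0 if the counter is unsigned, as the `%u` in the error message suggests; `realloc(p, 0)` may then free the block and return NULL, and the `!tmp` branch leaves `smOrderedList` dangling. The product `smOrderedListSize * sizeof(*smOrderedList)` has the same unchecked-overflow shape. A bound before doubling, `if (smOrderedListSize > UINT_MAX / 2) { ErrorMessage("ordered list too large %u\n", smOrderedListSize); return; }`, covers both; the exact return convention is hedged because the enclosing function starts and ends outside the hunk.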
// base_tracker.cc author Carter Waxman <cwaxman@cisco.com>
-#include "base_tracker.h"
+#include "base_tracker.h" // FIXIT-A Returning null reference (from <vector>)
#include "perf_module.h"
#include "framework/module.h"
#include <sstream>
#include <vector>
-#include "detection/detection_options.h"
+// this include eventually leads to possible issues with std::chrono:
+// 1. Undefined or garbage value returned to caller (rep count())
+// 2. The left expression of the compound assignment is an uninitialized value.
+// The computed value will also be garbage (duration& operator+=(const duration& __d))
+#include "detection/detection_options.h" // ... FIXIT-A
+
#include "detection/treenodes.h"
#include "hash/sfghash.h"
#include "main/snort_config.h"
inline uint32_t NbssLen(const NbssHdr* nb)
{
/* Treat first bit of flags as the upper byte to length */
- return ((nb->flags & 0x01) << 16) | ntohs(nb->length);
+ // The left operand of '&' is a garbage value
+ return ((nb->flags & 0x01) << 16) | ntohs(nb->length); // ... FIXIT-A
}
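Review bot: The new comment in `NbssLen` copies the analyzer diagnostic ("left operand of '&' is a garbage value") but records no verdict, whereas the comments this commit removes in other files explained their reports as clang 3.4.2 false positives; a later reader cannot tell whether `nb->flags` is really read from an unvalidated header. Since `nb` presumably points into parsed traffic, state the precondition instead: `// FIXIT-A clang analyzer: "left operand of '&' is a garbage value"; nb must point at a complete NbssHdr — confirm callers check the available length first`. The same applies to the `SmbType` annotation below.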
inline uint8_t NbssType(const NbssHdr* nb)
inline int SmbType(const SmbNtHdr* hdr)
{
- if (hdr->smb_flg & SMB_FLG__TYPE)
+ // Access to field 'smb_flg' results in a dereference of a null pointer
+ // (loaded from variable 'hdr')
+ if (hdr->smb_flg & SMB_FLG__TYPE) // ... FIXIT-A
return SMB_TYPE__RESPONSE;
return SMB_TYPE__REQUEST;
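Review bot: `SmbType` dereferences `hdr` with no null check, and the added comment only restates the analyzer's null-pointer report without saying whether a null `hdr` is reachable, so the triage result stays undocumented. If callers guarantee a non-null header, record that contract on the function, `// FIXIT-A analyzer null-deref report; hdr is non-null by contract — callers validate the SMB header before calling (confirm)`; if they do not, the guard belongs in the code rather than in a comment. The `NbssType` signature on the line above this hunk is a bare declaration fragment; its body is outside the hunk.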
else
ftracker = (DCE2_SmbFileTracker*)DCE2_ListNext(ssd->ftrackers);
}
-
- // FIXIT-A - Even with the assert(ssd) a few lines prior, the clang
- // static analyser version 3.4.2 throws a false positive
- // null pointer dereference error, More recent clang versions
- // do NOT find an error.
ssd->fapi_ftracker = ftracker;
}
if ((NULL == dialog)&&(SIP_METHOD_CANCEL != sipMsg->methodFlag))
{
// Clang analyzer is false positive, dlist->head is updated after free
- dialog = SIP_addDialog(sipMsg, dList->head, dList); // FIXIT-A
+ // (Use of memory after it is freed)
+ dialog = SIP_addDialog(sipMsg, dList->head, dList); // ... FIXIT-A
}
methodFlag = sipMsg->methodFlag;
return true;
}
-// TO-DO: Appid related. Publish event for appid
+// FIXIT-H Publish event for appid
#if 0
/*********************************************************************
* Update appId sip detector with parsed SIP message and dialog
else
ret = false;
+// FIXIT-H Publish event for appid
#if 0
for (dialog = dList->head;
dialog;
if (sipMsg->dlgID.callIdHash == dialog->dlgID.callIdHash)
break;
}
+ sip_update_appid(p, sipMsg, dialog);
#endif
- //sip_update_appid(p, sipMsg, dialog);
return ret;
}
{
node->next = ft->fraglist;
if (node->next)
- node->next->prev = node;
+ node->next->prev = node; // FIXIT-A Use of memory after it is freed
else
ft->fraglist_tail = node;
ft->fraglist = node;
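Review bot: The `FIXIT-A Use of memory after it is freed` added to `node->next->prev = node;` tags a memory-safety report on the fragment-list insert without a triage note, and the comment-only change leaves the code exactly as the analyzer saw it. If the report is a false positive, the comment should say what keeps `ft->fraglist` from referencing a freed node at this point; if it is not, a dangling `fraglist` head in what is presumably reassembly code driven by received fragments is a real bug that needs a fix rather than a marker. Suggested wording until that is settled: `// FIXIT-A analyzer: use-after-free via node->next (ft->fraglist); triage pending — confirm fraglist cannot hold a freed node when this runs`. The enclosing function starts and ends outside the hunk.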