From: Michael Altizer (mialtize) <mialtize@cisco.com>
Date: Mon, 3 Oct 2016 15:03:21 +0000 (-0400)
Subject: Merge pull request #651 in SNORT/snort3 from static_analysis_fixes to master
X-Git-Tag: 3.0.0-233~245
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f984769fb7342ff257c3b0676066a86cb7badde;p=thirdparty%2Fsnort3.git

Merge pull request #651 in SNORT/snort3 from static_analysis_fixes to master

Squashed commit of the following:

commit 3add74c4db289a86987f766f2d3e25a14607c64a
Author: Ed Borgoyn <eborgoyn@cisco.com>
Date:   Mon Oct 3 10:53:39 2016 -0400

    Add FIXIT-A to style guide to indicate a static analysis issue.

commit 69b060b5b54f6b32601bc02ddd65e3d2d94db785
Author: Ed Borgoyn <eborgoyn@cisco.com>
Date:   Mon Oct 3 09:16:08 2016 -0400

    Added FIXIT-A for two clang static analysis False Positive findings.
---

diff --git a/doc/style.txt b/doc/style.txt
index 6cf6b41c4..9274b9f6e 100644
--- a/doc/style.txt
+++ b/doc/style.txt
@@ -94,9 +94,9 @@ yet firm so feedback is welcome to get something we can live with.
   day or even just a minute.  That way we can find them easily and won't
   lose track of them.
 
-* Presently using FIXIT-X where X = P | H | M | L, indicating perf, high,
-  med, or low priority.  For now, H, M, or L can indicate alpha 1, 2, or 3.
-  Perf changes fall between alpha 1 and 2.
+* Presently using FIXIT-X where X = A | P | H | M | L, indicating analysis,
+  perf, high, med, or low priority.  For now, H, M, or L can indicate alpha
+  1, 2, or 3.  Perf changes fall between alpha 1 and 2.
 
 * Put the copyright(s) and license in a comment block at the top of each
   source file (.h and .cc).  Don't bother with trivial scripts and make
diff --git a/src/network_inspectors/appid/service_plugins/service_base.cc b/src/network_inspectors/appid/service_plugins/service_base.cc
index c18c43ea8..9d2ec6671 100644
--- a/src/network_inspectors/appid/service_plugins/service_base.cc
+++ b/src/network_inspectors/appid/service_plugins/service_base.cc
@@ -986,6 +986,10 @@ static inline RNAServiceElement* AppIdGetServiceByPattern(const Packet* pkt, IpP
             ServiceMatch** tmp;
             smOrderedListSize *= 2;
             assert(smOrderedListSize > 0);
+            // FIXIT-A - Even with the assert() on the previous line, the clang 
+            //          static analyser version 3.4.2 throws a false positive
+            //          realloc() zero size error,  More recent clang versions
+            //          do NOT find an error.
             tmp = (ServiceMatch**)realloc(smOrderedList,
                     smOrderedListSize * sizeof(*smOrderedList));
             if (!tmp)
diff --git a/src/service_inspectors/dce_rpc/dce_smb_utils.cc b/src/service_inspectors/dce_rpc/dce_smb_utils.cc
index 93aaa608a..61542329a 100644
--- a/src/service_inspectors/dce_rpc/dce_smb_utils.cc
+++ b/src/service_inspectors/dce_rpc/dce_smb_utils.cc
@@ -1972,6 +1972,10 @@ static void DCE2_SmbSetNewFileAPIFileTracker(DCE2_SmbSsnData* ssd)
             ftracker = (DCE2_SmbFileTracker*)DCE2_ListNext(ssd->ftrackers);
     }
 
+    // FIXIT-A - Even with the assert(ssd) a few lines prior, the clang 
+    //          static analyser version 3.4.2 throws a false positive
+    //          null pointer dereference error,  More recent clang versions
+    //          do NOT find an error.
     ssd->fapi_ftracker = ftracker;
 }