From: Davis McPherson -X (davmcphe - XORIANT CORPORATION at Cisco) <davmcphe@cisco.com>
Date: Mon, 8 Sep 2025 15:06:03 +0000 (+0000)
Subject: Pull request #4889: snort: resolve coverity warnings in host_tracker and module_manager
X-Git-Tag: 3.9.6.0~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=594fba49fc62fbd1930e534307b92c4cf6744c7c;p=thirdparty%2Fsnort3.git

Pull request #4889: snort: resolve coverity warnings in host_tracker and module_manager

Merge in SNORT/snort3 from ~DAVMCPHE/snort3:fix_coverity_issues to master

Squashed commit of the following:

commit 006b980c53eebe5453e173373461340f47743686
Author: davis mcpherson <davmcphe@cisco.com>
Date:   Mon Sep 1 15:14:57 2025 -0400

    module_manager: use std::move to improve performance when assigning string variables
                    add comment to suppress coverity false positive on string assignment

    host_tracker: iterate over network protocol vectors with reverse iterators instead of while loop

    host_tracker: acquire lock on host tracker cache before read access of member variables
---

diff --git a/src/host_tracker/host_tracker.cc b/src/host_tracker/host_tracker.cc
index c2b27fd6a..81ff015e8 100644
--- a/src/host_tracker/host_tracker.cc
+++ b/src/host_tracker/host_tracker.cc
@@ -1120,11 +1120,11 @@ void HostTracker::remove_flows()
 
 void HostTracker::update_cache_interface(uint8_t idx)
 {
+    std::lock_guard<std::mutex> lock(host_tracker_lock);
 
     if (idx == cache_idx and cache_interface == host_cache.seg_list[idx])
         return;
 
-    std::lock_guard<std::mutex> lock(host_tracker_lock);
     cache_idx = idx;
     cache_interface = host_cache.seg_list[idx];
 
@@ -1278,11 +1278,10 @@ void HostTracker::stringify(string& str)
     {
         str += "\nnetwork proto: ";
         auto total = network_protos.size();
-        while ( total-- )
+        for (auto proto = network_protos.crbegin(); proto != network_protos.crend(); ++proto)
         {
-            const auto& proto = network_protos[total];
-            if ( proto.second == true )
-                str += to_string(proto.first) + (total? ", " : "");
+            if ( proto->second == true )
+                str += to_string(proto->first) + (--total ? ", " : "");
         }
     }
 
@@ -1291,11 +1290,10 @@ void HostTracker::stringify(string& str)
     {
         str += "\ntransport proto: ";
         auto total = xport_protos.size();
-        while ( total-- )
+        for (auto proto = xport_protos.crbegin(); proto != xport_protos.crend(); ++proto)
         {
-            const auto& proto = xport_protos[total];
-            if ( proto.second == true )
-                str += to_string(proto.first) + (total? ", " : "");
+            if ( proto->second == true )
+                str += to_string(proto->first) + (--total ? ", " : "");
         }
     }
 
diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc
index e9cb2654c..b700c543e 100644
--- a/src/managers/module_manager.cc
+++ b/src/managers/module_manager.cc
@@ -822,17 +822,14 @@ SO_PUBLIC bool open_table(const char* s, int idx)
         }
     }
 
-    string unique_key = key;
-    if ( !s_aliased_name.empty() )
-        unique_key = s_aliased_name;
-
+    string unique_key = s_aliased_name.empty() ? key : s_aliased_name;
     if ( s_current != unique_key )
     {
         if ( fqn != orig )
             LogMessage("\t%s (%s)\n", key.c_str(), orig);
         else
             LogMessage("\t%s\n", key.c_str());
-        s_current = unique_key;
+        s_current = std::move(unique_key);
     }
 
     if ( s_config->dump_config_mode() or s_config->gen_dump_config() )
@@ -863,6 +860,7 @@ SO_PUBLIC void close_table(const char* s, int idx)
     set_type(fqn);
     s = fqn.c_str();
 
+    // coverity[COPY_INSTEAD_OF_MOVE]
     string key = fqn;
     set_top(key);