From: Victor Julien <vjulien@oisf.net>
Date: Wed, 20 Mar 2024 06:18:44 +0000 (+0100)
Subject: eve/alert: fix validation check
X-Git-Tag: suricata-7.0.7~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b5851d2d14b6167be6a08e1ae8b22b97d6a497fc;p=thirdparty%2Fsuricata.git

eve/alert: fix validation check

Bug: #6875.
(cherry picked from commit 0be3ba802e1433632e48a7160cc6ae9fbe4c239e)
---

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index e74906b7be..8dade1901b 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -881,8 +881,8 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
             int stream = (p->proto == IPPROTO_TCP) ?
                          (pa->flags & (PACKET_ALERT_FLAG_STATE_MATCH | PACKET_ALERT_FLAG_STREAM_MATCH) ?
                          1 : 0) : 0;
-            DEBUG_VALIDATE_BUG_ON(
-                    p->flow == NULL); // should be impossible, but scan-build got confused
+            // should be impossible, as stream implies flow
+            DEBUG_VALIDATE_BUG_ON(stream && p->flow == NULL);
 
             /* Is this a stream?  If so, pack part of it into the payload field */
             if (stream && p->flow != NULL) {