Project

General

Profile

Actions

Bug #1484

open

Remove BUG_ON(1) statements in the packet path

Added by Victor Julien over 9 years ago. Updated 2 months ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:
Beginner, Hardening

Description

As issue #1482, but review all the BUG_ON's.

Actions #1

Updated by Jason Ish over 9 years ago

Do you really want them out of the packet path?

One school of thought is to liberally use assertions, but have them enabled as a compile time option - typically enabled during development, but off by default for production use.

Actions #2

Updated by Victor Julien over 9 years ago

I don't mind keeping them in some form (DEBUG_VALIDATION comes to mind), but we can't just switch the BUG_ON macro to do that w/o reviewing all places it is used now. In this specific case, the assertion would have to move up a bit, and only trigger the EBUSY case. Thats the only bug/issue really, as the NOMEM case could be triggered by memcaps being reached.

Actions #3

Updated by Victor Julien almost 9 years ago

  • Target version changed from 3.0RC1 to 70
Actions #4

Updated by Victor Julien over 8 years ago

  • % Done changed from 0 to 20

DNS BUG_ON's removed through: https://github.com/inliniac/suricata/pull/1915

Not sure how many are left.

Actions #5

Updated by Victor Julien over 6 years ago

  • Assignee changed from Jason Ish to OISF Dev
Actions #6

Updated by Andreas Herz over 5 years ago

Some are left :)

src/detect-tag.c:            BUG_ON(1);
src/detect-flowint.c:                BUG_ON(1);
src/util-unittest.h:            BUG_ON(1);                                 \
src/detect-engine-sigorder.c:                BUG_ON(1);
src/detect-engine-sigorder.c:                BUG_ON(1);
src/detect-engine-sigorder.c:                BUG_ON(1);
src/detect-engine-sigorder.c:                BUG_ON(1);
src/detect-engine-sigorder.c:                    BUG_ON(1);
src/detect-engine-sigorder.c:                    BUG_ON(1);
src/detect-engine.c:        BUG_ON(1);
src/detect-engine.c:        BUG_ON(1);
src/detect-engine.c:        BUG_ON(1);
src/detect-engine.c:        BUG_ON(1);
src/detect-engine-mpm.c:            BUG_ON(1);
src/detect-engine-port.c:        BUG_ON(1);
src/app-layer-ssh.c:            BUG_ON(1);// we only call this when we have enough data
src/source-af-packet.c:        BUG_ON(1);
src/detect-filestore.c:        BUG_ON(1);
src/detect-engine-content-inspection.c:        BUG_ON(1);
src/flow-timeout.c:            BUG_ON(1);
src/tm-threads.c:            BUG_ON(1);
src/detect-engine-build.c:            BUG_ON(1);
src/util-validate.h:            BUG_ON(1);                              \
src/util-unittest-helper.c:            BUG_ON(1);
src/util-unittest-helper.c:            BUG_ON(1);
src/tests/detect.c:        BUG_ON(1);
src/tests/detect.c:        BUG_ON(1);
src/tests/detect.c:        BUG_ON(1);
src/tests/detect.c:        BUG_ON(1);
Actions #7

Updated by Andreas Herz over 5 years ago

  • Target version changed from 70 to TBD
Actions #8

Updated by Victor Julien about 5 years ago

  • Status changed from Assigned to New
  • Label Beginner added
Actions #9

Updated by Philippe Antoine 2 months ago

  • Label Hardening added
Actions #10

Updated by Philippe Antoine 2 months ago

Also some direct `abort()`

Actions

Also available in: Atom PDF