Bug #3865

closed

flow: coverity issues

Added by Victor Julien almost 4 years ago. Updated over 3 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

** CID 1465663:  Null pointer dereferences  (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1465663:  Null pointer dereferences  (FORWARD_NULL)
/src/flow-hash.c: 620 in TcpReuseReplace()
614         FlowThreadId thread_id[2] = { old_f->thread_id[0], old_f->thread_id[1] };
615     
616         /* since fb lock is still held this flow won't be found until we are done */
617         FLOWLOCK_UNLOCK(old_f);
618     
619         /* Get a new flow. It will be either a locked flow or NULL */
>>>     CID 1465663:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing "fls" to "FlowGetNew", which dereferences null "fls->dtv".
620         Flow *f = FlowGetNew(tv, fls, p);
621         if (f == NULL) {
622             return NULL;
623         }
624     
625         /* flow is locked */

** CID 1465660:  Program hangs  (LOCK)
/src/flow-manager.c: 536 in FlowTimeoutHash()

________________________________________________________________________________________________________
*** CID 1465660:  Program hangs  (LOCK)
/src/flow-manager.c: 536 in FlowTimeoutHash()
530         counters->rows_empty += rows_empty;
531     
532         if (td->aside_queue.len) {
533             cnt += ProcessAsideQueue(td, counters);
534         }
535         counters->flows_removed += cnt;
>>>     CID 1465660:  Program hangs  (LOCK)
>>>     Returning without unlocking "evicted->m".
536         return cnt;
537     }
538     
539     static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td,
540             struct timeval *ts,
541             const uint32_t hash_min, const uint32_t hash_max,

** CID 1465659:  Null pointer dereferences  (FORWARD_NULL)
/src/flow-hash.c: 1098 in FlowGetUsedFlow()

________________________________________________________________________________________________________
*** CID 1465659:  Null pointer dereferences  (FORWARD_NULL)
/src/flow-hash.c: 1098 in FlowGetUsedFlow()
1092                 (void)OutputFlowLog(tv, dtv->output_flow_thread_data, f);
1093     
1094             FlowClearMemory(f, f->protomap);
1095     
1096             /* leave locked */
1097     
>>>     CID 1465659:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "dtv".
1098             STATSADDUI64(counter_flow_get_used_eval, tried);
1099             return f;
1100         }
1101     
1102         STATSADDUI64(counter_flow_get_used_failed, 1);
1103         return NULL;

** CID 1465658:  Control flow issues  (DEADCODE)
/src/flow-hash.c: 517 in FlowSpareSync()

________________________________________________________________________________________________________
*** CID 1465658:  Control flow issues  (DEADCODE)
/src/flow-hash.c: 517 in FlowSpareSync()
511     #endif
512             if (spare_sync) {
513                 if (f != NULL) {
514                     StatsAddUI64(tv, fls->dtv->counter_flow_spare_sync_avg, fls->spare_queue.len+1);
515                 } else if (f == NULL && fls->spare_queue.len == 0) {
516                     StatsIncr(tv, fls->dtv->counter_flow_spare_sync_empty);
>>>     CID 1465658:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "fls->spare_queue.len < 99U" inside this statement: "if (f != NULL && fls->spare...".
517                 } else if (f != NULL && fls->spare_queue.len < 99) {
518                     StatsIncr(tv, fls->dtv->counter_flow_spare_sync_incomplete);
519                 }
520                 StatsIncr(tv, fls->dtv->counter_flow_spare_sync);
521             }
522     #ifdef UNITTESTS
Actions #1

Updated by Victor Julien over 3 years ago

https://github.com/OISF/suricata/pull/5325 fixes all of these except the missing-unlock report (CID 1465660, LOCK, in FlowTimeoutHash()). That one is a false positive, so I need to suppress it. Leaving the ticket open for now.
