Bug #3865
Closed
flow: coverity issues
Description
** CID 1465663: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1465663: Null pointer dereferences (FORWARD_NULL)
/src/flow-hash.c: 620 in TcpReuseReplace()
614 FlowThreadId thread_id[2] = { old_f->thread_id[0], old_f->thread_id[1] };
615
616 /* since fb lock is still held this flow won't be found until we are done */
617 FLOWLOCK_UNLOCK(old_f);
618
619 /* Get a new flow. It will be either a locked flow or NULL */
>>> CID 1465663: Null pointer dereferences (FORWARD_NULL)
>>> Passing "fls" to "FlowGetNew", which dereferences null "fls->dtv".
620 Flow *f = FlowGetNew(tv, fls, p);
621 if (f == NULL) {
622 return NULL;
623 }
624
625 /* flow is locked */
** CID 1465660: Program hangs (LOCK)
/src/flow-manager.c: 536 in FlowTimeoutHash()
________________________________________________________________________________________________________
*** CID 1465660: Program hangs (LOCK)
/src/flow-manager.c: 536 in FlowTimeoutHash()
530 counters->rows_empty += rows_empty;
531
532 if (td->aside_queue.len) {
533 cnt += ProcessAsideQueue(td, counters);
534 }
535 counters->flows_removed += cnt;
>>> CID 1465660: Program hangs (LOCK)
>>> Returning without unlocking "evicted->m".
536 return cnt;
537 }
538
539 static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td,
540 struct timeval *ts,
541 const uint32_t hash_min, const uint32_t hash_max,
** CID 1465659: Null pointer dereferences (FORWARD_NULL)
/src/flow-hash.c: 1098 in FlowGetUsedFlow()
________________________________________________________________________________________________________
*** CID 1465659: Null pointer dereferences (FORWARD_NULL)
/src/flow-hash.c: 1098 in FlowGetUsedFlow()
1092 (void)OutputFlowLog(tv, dtv->output_flow_thread_data, f);
1093
1094 FlowClearMemory(f, f->protomap);
1095
1096 /* leave locked */
1097
>>> CID 1465659: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "dtv".
1098 STATSADDUI64(counter_flow_get_used_eval, tried);
1099 return f;
1100 }
1101
1102 STATSADDUI64(counter_flow_get_used_failed, 1);
1103 return NULL;
** CID 1465658: Control flow issues (DEADCODE)
/src/flow-hash.c: 517 in FlowSpareSync()
________________________________________________________________________________________________________
*** CID 1465658: Control flow issues (DEADCODE)
/src/flow-hash.c: 517 in FlowSpareSync()
511 #endif
512 if (spare_sync) {
513 if (f != NULL) {
514 StatsAddUI64(tv, fls->dtv->counter_flow_spare_sync_avg, fls->spare_queue.len+1);
515 } else if (f == NULL && fls->spare_queue.len == 0) {
516 StatsIncr(tv, fls->dtv->counter_flow_spare_sync_empty);
>>> CID 1465658: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "fls->spare_queue.len < 99U" inside this statement: "if (f != NULL && fls->spare...".
517 } else if (f != NULL && fls->spare_queue.len < 99) {
518 StatsIncr(tv, fls->dtv->counter_flow_spare_sync_incomplete);
519 }
520 StatsIncr(tv, fls->dtv->counter_flow_spare_sync);
521 }
522 #ifdef UNITTESTS
Updated by Victor Julien about 5 years ago
https://github.com/OISF/suricata/pull/5325 fixes all of these except the LOCK finding (CID 1465660, "Returning without unlocking"). That one is a false positive, so I need to suppress it. Leaving the ticket open for now.
Updated by Victor Julien about 5 years ago
- Status changed from Assigned to Closed