Bug #8641
Updated by Denis Balashov 4 days ago
The identifier regex in qa/coccinelle/malloc-error-check.cocci uses
PCRE-style '(A|B)' syntax in all five identifier =~ patterns. However,
Coccinelle uses OCaml Str as its regex engine, where '|' and '()' are
literal characters, not alternation operators.
As a result, the @malloced rule never matched any SC*alloc function call,
making the entire script silently produce no output — all unchecked
allocations in the codebase went unreported.
Fix: replace '(SCMalloc|SCStrdup|...)' with 'SCMalloc\|SCStrdup\|...'
(OCaml Str alternation syntax) in all five patterns.
This bug was present from the beginning — it is not related to a
Coccinelle version update.
PR
https://github.com/OISF/suricata/pull/15584
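
The difference described in this report, as an added example (not code from the Suricata project or the linked PR): a simplified Python model of OCaml Str's alternation and grouping rules, showing why the PCRE-style pattern cannot match a C identifier while the escaped form does. The two-name patterns are constructed, shortened stand-ins for the script's list; `str_to_python`, `matches_identifier` and `lint` are hypothetical helpers, and treating `=~` as a match anywhere in the name is an assumption.

```python
import re

# Constructed, shortened patterns; the script's full name list is not reproduced.
PCRE_STYLE = "(SCMalloc|SCStrdup)"   # style the report says the script used
STR_STYLE = r"SCMalloc\|SCStrdup"    # style of the fix (OCaml Str alternation)


def str_to_python(pattern: str) -> str:
    """Translate a small OCaml Str subset into Python `re` syntax.

    Simplified model (assumption): only | ( ) { } are treated differently;
    bracket expressions are not handled.
    """
    out = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            nxt = pattern[i + 1]
            # In Str, a backslash turns | ( ) into operators.
            out.append(nxt if nxt in "|()" else c + nxt)
            i += 2
            continue
        # In Str, bare | ( ) { } are ordinary characters.
        out.append("\\" + c if c in "|(){}" else c)
        i += 1
    return "".join(out)


def matches_identifier(pattern: str, name: str) -> bool:
    """Assumption: `=~` succeeds if the regex matches anywhere in the name."""
    return re.search(str_to_python(pattern), name) is not None


def lint(pattern: str) -> list:
    """Return the bare | ( ) characters that Str would read as literal text."""
    bare = re.sub(r"\\.", "", pattern)  # drop escaped pairs first
    return sorted({ch for ch in bare if ch in "|()"})


if __name__ == "__main__":
    for pat in (PCRE_STYLE, STR_STYLE):
        print(pat, "->", str_to_python(pat),
              "| matches SCMalloc:", matches_identifier(pat, "SCMalloc"),
              "| literal metacharacters:", lint(pat))
```

A non-empty `lint` result on an identifier constraint is a sign the rule can never fire, since C identifiers cannot contain `|`, `(` or `)`.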