Bug #3865
flow: coverity issues (status: closed)
Description
** CID 1465663: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1465663: Null pointer dereferences (FORWARD_NULL)
/src/flow-hash.c: 620 in TcpReuseReplace()
614 FlowThreadId thread_id[2] = { old_f->thread_id[0], old_f->thread_id[1] };
615
616 /* since fb lock is still held this flow won't be found until we are done */
617 FLOWLOCK_UNLOCK(old_f);
618
619 /* Get a new flow. It will be either a locked flow or NULL */
>>> CID 1465663: Null pointer dereferences (FORWARD_NULL)
>>> Passing "fls" to "FlowGetNew", which dereferences null "fls->dtv".
620 Flow *f = FlowGetNew(tv, fls, p);
621 if (f == NULL) {
622 return NULL;
623 }
624
625 /* flow is locked */

** CID 1465660: Program hangs (LOCK)
/src/flow-manager.c: 536 in FlowTimeoutHash()

________________________________________________________________________________________________________
*** CID 1465660: Program hangs (LOCK)
/src/flow-manager.c: 536 in FlowTimeoutHash()
530 counters->rows_empty += rows_empty;
531
532 if (td->aside_queue.len) {
533 cnt += ProcessAsideQueue(td, counters);
534 }
535 counters->flows_removed += cnt;
>>> CID 1465660: Program hangs (LOCK)
>>> Returning without unlocking "evicted->m".
536 return cnt;
537 }
538
539 static uint32_t FlowTimeoutHashInChunks(FlowManagerTimeoutThread *td,
540 struct timeval *ts,
541 const uint32_t hash_min, const uint32_t hash_max,

** CID 1465659: Null pointer dereferences (FORWARD_NULL)
/src/flow-hash.c: 1098 in FlowGetUsedFlow()

________________________________________________________________________________________________________
*** CID 1465659: Null pointer dereferences (FORWARD_NULL)
/src/flow-hash.c: 1098 in FlowGetUsedFlow()
1092 (void)OutputFlowLog(tv, dtv->output_flow_thread_data, f);
1093
1094 FlowClearMemory(f, f->protomap);
1095
1096 /* leave locked */
1097
>>> CID 1465659: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "dtv".
1098 STATSADDUI64(counter_flow_get_used_eval, tried);
1099 return f;
1100 }
1101
1102 STATSADDUI64(counter_flow_get_used_failed, 1);
1103 return NULL;

** CID 1465658: Control flow issues (DEADCODE)
/src/flow-hash.c: 517 in FlowSpareSync()

________________________________________________________________________________________________________
*** CID 1465658: Control flow issues (DEADCODE)
/src/flow-hash.c: 517 in FlowSpareSync()
511 #endif
512 if (spare_sync) {
513 if (f != NULL) {
514 StatsAddUI64(tv, fls->dtv->counter_flow_spare_sync_avg, fls->spare_queue.len+1);
515 } else if (f == NULL && fls->spare_queue.len == 0) {
516 StatsIncr(tv, fls->dtv->counter_flow_spare_sync_empty);
>>> CID 1465658: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "fls->spare_queue.len < 99U" inside this statement: "if (f != NULL && fls->spare...".
517 } else if (f != NULL && fls->spare_queue.len < 99) {
518 StatsIncr(tv, fls->dtv->counter_flow_spare_sync_incomplete);
519 }
520 StatsIncr(tv, fls->dtv->counter_flow_spare_sync);
521 }
522 #ifdef UNITTESTS
Updated by Victor Julien about 4 years ago
https://github.com/OISF/suricata/pull/5325 fixes all of these except the unlock finding (CID 1465660, "Returning without unlocking" in FlowTimeoutHash()). That one is a false positive, so I need to suppress it. Leaving the ticket open for now.
Updated by Victor Julien about 4 years ago
- Status changed from Assigned to Closed