Snort mailing list archives
Re: Undefined variable/garbage values encountered in snort-2.9.7.5
From: "Nageswara Rao A.V.K (navk)" <navk () cisco com>
Date: Sun, 9 Aug 2015 08:01:38 +0000
Hello Bill,

It looks like clang-analyzer is not able to analyze variable initialization spread across functions/files. Please find my comments below.

From: Bill Parker [mailto:wp02855 () gmail com]
Sent: Sunday, August 09, 2015 1:29 AM
To: snort-devel () lists sourceforge net; vroemer () cisco com
Subject: [Snort-devel] Undefined variable/garbage values encountered in snort-2.9.7.5

Hello All,

In processing snort-2.9.7.5 through clang-analyzer 3.5.0, in 'detection-plugins', file 'sp_respond3', module/function 'Resp3_parse', at line 213: while (i < num_toks), while i is set to zero on line 212, it would appear num_toks is declared at line 204, but it is never assigned a value (i.e. - un-initialized) before it is compared at line 213 (thus, it could be anything).

ANR>> ‘num_toks’ is initiated in ‘mSplit’ function, called at line 207. Refer ‘mSplit’ function definition in mstring.c file at line 138. If ‘type’ is NULL, program will be shut down in FatalError at line 209. So, num_toks will have valid value at line 213.

======================================================================

In 'detection-plugins', file 'detection_options.c', module/function 'detection_option_node_evaluate' at line 1212, the expansion of the macro 'NODE_PROFILE_TMPEND' which is below:

    if (ScProfileRules()) {
        {
            uint32_t a, d;
            __asm__ __volatile__ ("rdtsc" : "=a" (a), "=d" (d));
            node_ticks_end = ((uint64_t) a) | (((uint64_t)d) << 32);
        };
        node_ticks_delta = node_ticks_end - node_ticks_start;
        node_deltas += node_ticks_delta;
    }

results in the right operand of '-' is a garbage value (which appears to be variable 'node_ticks_start'), and does not appear to be initialized inside of the macro itself.

ANR>> ‘node_ticks_start’ is initialized in macro ‘NODE_PROFILE_START’ called at line 905. ‘node_ticks_start’ is initialized with get_clockticks(), in above macro path.

NODE_PROFILE_START(node)-> PROFILE_START_NAMED(node)-> get_clockticks(node_ticks_start)

======================================================================

In 'detection-plugins', file 'detection_options.c', module/function 'detection_option_node_evaluate' at lines 1163, 1172, 1199, the macro expansion of 'NODE_PROFILE_END_NOMATCH' which is below:

    if (ScProfileRules()) {
        {
            uint32_t a, d;
            __asm__ __volatile__ ("rdtsc" : "=a" (a), "=d" (d));
            node_ticks_end = ((uint64_t) a) | (((uint64_t)d) << 32);
        };
        node_ticks_delta = node_ticks_end - node_ticks_start;
        node->ticks += node_ticks_delta + node_deltas ;
        node->ticks_no_match += node_ticks_delta + node_deltas;
    }

results in the right operand of '-' is a garbage value (which appears to be variable 'node_ticks_start'), and does not appear to be initialized inside of the macro itself.

ANR>> Same as above.

=======================================================================

I am attaching the HTML output from clang-analyzer to this bug report.

Bill Parker
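The out-parameter pattern discussed in this thread, as an added example that is not part of either message and is not Snort's code: a count filled in by a callee and then used as a loop bound. `split_tokens` and `count_nonempty` are hypothetical names; the callee writes the count on every path and the caller initialises it at declaration, so the value is defined whether or not an analyzer can see into the callee.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a splitter defined in another file. The token
 * count comes back through an out-parameter and is written on every path,
 * including failure, so the caller never reads an indeterminate value. */
static char **split_tokens(const char *str, char sep, int max_toks, int *num_toks)
{
    *num_toks = 0;                      /* defined even on early return */
    if (str == NULL || max_toks <= 0)
        return NULL;
    char **toks = calloc((size_t)max_toks, sizeof(*toks));
    if (toks == NULL)
        return NULL;

    const char *start = str;
    while (*num_toks < max_toks) {
        const char *end = strchr(start, sep);
        /* the last available slot takes the remainder of the string */
        size_t len = (end && *num_toks < max_toks - 1) ? (size_t)(end - start)
                                                       : strlen(start);
        char *tok = malloc(len + 1);
        if (tok == NULL)
            break;
        memcpy(tok, start, len);
        tok[len] = '\0';
        toks[(*num_toks)++] = tok;
        if (start[len] == '\0')
            break;
        start += len + 1;               /* skip the separator */
    }
    return toks;
}

/* Caller shaped like the loop under discussion. num_toks is initialised at
 * its declaration, so the loop bound is defined whatever the callee does. */
static int count_nonempty(const char *args)
{
    int num_toks = 0, i = 0, nonempty = 0;
    char **toks = split_tokens(args, ',', 8, &num_toks);
    if (toks == NULL)
        return -1;                      /* stands in for the fatal-error exit */
    while (i < num_toks) {
        if (toks[i][0] != '\0')
            nonempty++;
        free(toks[i++]);
    }
    free(toks);
    return nonempty;
}
```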