Snort mailing list archives

Re: Undefined variable/garbage values encountered in snort-2.9.7.5


From: "Nageswara Rao A.V.K (navk)" <navk () cisco com>
Date: Sun, 9 Aug 2015 08:01:38 +0000


Hello Bill,
    It looks like clang-analyzer is not able to analyze variable initialization spread across functions/files.
Please find my comments below.

From: Bill Parker [mailto:wp02855 () gmail com]
Sent: Sunday, August 09, 2015 1:29 AM
To: snort-devel () lists sourceforge net; vroemer () cisco com
Subject: [Snort-devel] Undefined variable/garbage values encountered in snort-2.9.7.5

Hello All,

   In processing snort-2.9.7.5 through clang-analyzer 3.5.0, in
'detection-plugins', file 'sp_respond3', module/function 'Resp3_parse',
at line 213: while (i < num_toks), while i is set to zero on line
212, it would appear num_toks is declared at line 204, but it is
never assigned a value (i.e. - un-initialized) before it is compared
at line 213 (thus, it could be anything).
ANR>> ‘num_toks’ is initialized in the ‘mSplit’ function, called at line 207.
Refer to the ‘mSplit’ function definition in mstring.c at line 138.
If ‘type’ is NULL, the program will be shut down in FatalError at line 209.
So num_toks will have a valid value at line 213.

======================================================================

In 'detection-plugins', file 'detection_options.c', module/function
'detection_option_node_evaluate' at line 1212, the expansion of the
macro 'NODE_PROFILE_TMPEND' which is below:

if (ScProfileRules()) {
    { uint32_t a, d; __asm__ __volatile__ ("rdtsc" : "=a" (a), "=d" (d));
      node_ticks_end = ((uint64_t) a) | (((uint64_t)d) << 32); };
    node_ticks_delta = node_ticks_end - node_ticks_start;
    node_deltas += node_ticks_delta;
}

results in the right operand of '-' being a garbage value (which
appears to be variable 'node_ticks_start'), which does not
appear to be initialized inside of the macro itself.
ANR>> ‘node_ticks_start’ is initialized in the macro ‘NODE_PROFILE_START’ called at line 905.
‘node_ticks_start’ is initialized with get_clockticks() in the above macro path.

NODE_PROFILE_START(node)-> PROFILE_START_NAMED(node)-> get_clockticks(node_ticks_start)

======================================================================

In 'detection-plugins', file 'detection_options.c', module/function
'detection_option_node_evaluate' at lines 1163, 1172, 1199, the
macro expansion of 'NODE_PROFILE_END_NOMATCH' which is below:

if (ScProfileRules()) {
    { uint32_t a, d; __asm__ __volatile__ ("rdtsc" : "=a" (a), "=d" (d));
      node_ticks_end = ((uint64_t) a) | (((uint64_t)d) << 32); };
    node_ticks_delta = node_ticks_end - node_ticks_start;
    node->ticks += node_ticks_delta + node_deltas;
    node->ticks_no_match += node_ticks_delta + node_deltas;
}

results in the right operand of '-' being a garbage value (which
appears to be variable 'node_ticks_start'), which does not
appear to be initialized inside of the macro itself.
ANR>> Same as above.

=======================================================================

I am attaching the HTML output from clang-analyzer to this bug report.

Bill Parker
------------------------------------------------------------------------------
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
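Both findings in this thread have the same shape: the value the analyzer calls garbage is written somewhere it does not look, either through an out-parameter in another file (mSplit() setting num_toks) or inside a different macro expansion (NODE_PROFILE_START setting node_ticks_start). The following is an added example, not Snort's code, that rebuilds both patterns in miniature in C. split_tokens(), parse_resp_options(), evaluate_node(), profile_demo(), the prof_node_t struct, the three option names and the simplified NODE_PROFILE_* macros are all this example's own, and GET_CLOCKTICKS() uses clock() instead of the rdtsc asm so it builds on any target. It also shows the cheap change that makes each invariant visible within a single function: a zero initialiser on the declaration.

```c
/* Added example, not Snort code: the two patterns clang-analyzer flagged, in
 * miniature. Names are this example's own; GET_CLOCKTICKS() uses clock(), not rdtsc. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Pattern 1: the count is an OUT-parameter the callee writes, as mSplit() writes num_toks. */
static char **split_tokens(const char *str, const char *sep, int max_toks, int *num_toks)
{
    size_t i = 0, start, len = strlen(str);
    int n = 0;
    char **toks = calloc((size_t)max_toks + 1, sizeof *toks);
    *num_toks = 0;                             /* every return path stores a value */
    if (toks == NULL)
        return NULL;
    while (i < len && n < max_toks) {
        while (i < len && strchr(sep, str[i]) != NULL)
            i++;                               /* skip separators */
        if (i >= len)
            break;
        start = i;
        while (i < len && strchr(sep, str[i]) == NULL)
            i++;                               /* consume one token */
        if ((toks[n] = malloc(i - start + 1)) == NULL)
            break;                             /* keep the tokens we have */
        memcpy(toks[n], str + start, i - start);
        toks[n][i - start] = '\0';
        n++;
    }
    *num_toks = n;
    return toks;
}

static void free_tokens(char **toks, int n)
{ while (n-- > 0) free(toks[n]); free(toks); }

/* Caller shaped like Resp3_parse(): count of recognised options, or -1 where Snort
 * would call FatalError(). Initialising num_toks at its declaration costs nothing and
 * makes the invariant visible to an analyzer that does not follow the call. */
static int parse_resp_options(const char *type)
{
    static const char *const known[] = { "reset_dest", "reset_source", "icmp_port" }; /* constructed */
    int num_toks = 0;       /* Snort leaves this uninitialised; mSplit() always sets it */
    int i, k, recognised = 0;
    char **toks;

    if (type == NULL)
        return -1;
    toks = split_tokens(type, ", ", 8, &num_toks);
    if (toks == NULL)
        return -1;                             /* Snort: FatalError() */
    for (i = 0; i < num_toks; i++)
        for (k = 0; k < (int)(sizeof known / sizeof known[0]); k++)
            if (strcmp(toks[i], known[k]) == 0)
                recognised++;
    free_tokens(toks, num_toks);
    return recognised;
}

/* Pattern 2: node_ticks_start is assigned in NODE_PROFILE_START and read in
 * NODE_PROFILE_END_NOMATCH, so the END expansion alone reads a variable it never set.
 * NODE_PROFILE_VARS zero-initialises the locals so no path can read garbage. */
typedef struct { uint64_t ticks; uint64_t ticks_no_match; } prof_node_t;
static int profile_rules = 1;                  /* stands in for ScProfileRules() */

#define GET_CLOCKTICKS(var) do { (var) = (uint64_t)clock(); } while (0)
#define NODE_PROFILE_VARS \
    uint64_t node_ticks_start = 0, node_ticks_end = 0, node_ticks_delta = 0, node_deltas = 0
#define NODE_PROFILE_START(node) \
    do { if (profile_rules) GET_CLOCKTICKS(node_ticks_start); } while (0)
#define NODE_PROFILE_END_NOMATCH(node) \
    do { if (profile_rules) { GET_CLOCKTICKS(node_ticks_end); \
        node_ticks_delta = node_ticks_end - node_ticks_start; \
        (node)->ticks += node_ticks_delta + node_deltas; \
        (node)->ticks_no_match += node_ticks_delta + node_deltas; } } while (0)

/* Shaped like detection_option_node_evaluate(): 1 on match, 0 on no match. */
static int evaluate_node(prof_node_t *node, int match)
{
    NODE_PROFILE_VARS;
    NODE_PROFILE_START(node);
    if (!match) {
        NODE_PROFILE_END_NOMATCH(node);
        return 0;
    }
    GET_CLOCKTICKS(node_ticks_end);
    node->ticks += node_ticks_end - node_ticks_start;
    return 1;
}

static int profile_demo(void)                  /* 1 if one no-match + one match pass stay consistent */
{
    prof_node_t node = { 0, 0 };
    if (evaluate_node(&node, 0) != 0 || evaluate_node(&node, 1) != 1)
        return 0;
    return node.ticks >= node.ticks_no_match;
}
```

As the reply above explains, Snort's code is not wrong: the callee and the START macro always write the variable before it is read. The initialisers in this example are for readers and tools that see one function at a time, and they also make a future change to the tokenizer or to the macro pair fail safe (a zero delta) instead of reading stack garbage.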
