[Snort-devel] Undefined variable/garbage values encountered in snort-2.9.7.5

Bill Parker wp02855 at ...2499...
Sat Aug 8 15:58:59 EDT 2015


Hello All,

   In processing snort-2.9.7.5 through clang-analyzer 3.5.0, in
'detection-plugins', file 'sp_respond3', module/function 'Resp3_parse',
at line 213: while (i < num_toks), while i is set to zero on line
212, it would appear num_toks is declared at line 204, but it is
never assigned a value (i.e., uninitialized) before it is compared
at line 213 (thus, it could be anything).

======================================================================

In 'detection-plugins', file 'detection_options.c', module/function
'detection_option_node_evaluate' at line 1212, the expansion of the
macro 'NODE_PROFILE_TMPEND' which is below:

if (ScProfileRules()) { { uint32_t a, d; __asm__ __volatile__
 ("rdtsc" : "=a" (a), "=d" (d)); node_ticks_end = ((uint64_t)
a) | (((uint64_t)d) << 32); }; node_ticks_delta = node_ticks_end
 - node_ticks_start; node_deltas += node_ticks_delta; }

results in the right operand of '-' is a garbage value (which
appears to be variable 'node_ticks_start'), and does not
appear to be initialized inside of the macro itself.

======================================================================

In 'detection-plugins', file 'detection_options.c', module/function
'detection_option_node_evaluate' at lines 1163, 1172, 1199, the
macro expansion of 'NODE_PROFILE_END_NOMATCH' which is below:

if (ScProfileRules()) { { uint32_t a, d; __asm__ __volatile__
 ("rdtsc" : "=a" (a), "=d" (d)); node_ticks_end = ((uint64_t)
a) | (((uint64_t)d) << 32); }; node_ticks_delta = node_ticks_end
 - node_ticks_start; node->ticks += node_ticks_delta + node_deltas
; node->ticks_no_match += node_ticks_delta + node_deltas; }

results in the right operand of '-' is a garbage value (which
appears to be variable 'node_ticks_start'), and does not
appear to be initialized inside of the macro itself.

=======================================================================

I am attaching the HTML output from clang-analyzer to this bug report.

Bill Parker
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150808/d1057f1e/attachment.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150808/d1057f1e/attachment-0001.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150808/d1057f1e/attachment-0002.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150808/d1057f1e/attachment-0003.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150808/d1057f1e/attachment-0004.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20150808/d1057f1e/attachment-0005.html>
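
The following is an added example, not Snort code and not part of the original report: a reduced model of the profiling pattern in the two macro expansions quoted above, next to a form that gives every variable a defined value. All names are hypothetical, the tick source is a constructed counter instead of rdtsc, and it assumes the start-of-node code is guarded by the same runtime check as the end-of-node code (the report shows only the end macros).

```c
#include <stdint.h>
#include <stdbool.h>
/* Constructed stand-ins: a runtime toggle and a deterministic tick source
 * (the macros quoted above use ScProfileRules() and rdtsc). */
static bool profiling_on;
static uint64_t fake_tsc;
static bool profile_rules(void) { return profiling_on; }
static uint64_t read_ticks(void) { return fake_tsc += 100; }

#ifdef SHOW_UNINITIALIZED_PATTERN
/* Shape of the reported pattern: the start value is written only under a
 * guard, and the end-of-node code re-evaluates the guard before reading it.
 * If the guard is false at the start and true at the end, the subtraction
 * reads an indeterminate value. Compiled only on request, never run here. */
uint64_t evaluate_unguarded(bool enable_midway)
{
    uint64_t ticks_start, ticks_end, delta = 0;   /* no initializers */
    if (profile_rules()) ticks_start = read_ticks();
    if (enable_midway) profiling_on = true;
    if (profile_rules()) {
        ticks_end = read_ticks();
        delta = ticks_end - ticks_start;          /* may read garbage */
    }
    return delta;
}
#endif

/* Hardened form: every variable has a defined value, and the guard is
 * sampled once so the start and end halves always agree. */
uint64_t evaluate_hardened(bool enable_midway)
{
    uint64_t ticks_start = 0, ticks_end = 0, delta = 0;
    const bool profiling = profile_rules();       /* one decision per call */
    if (profiling) ticks_start = read_ticks();
    if (enable_midway) profiling_on = true;       /* toggle changes mid-call */
    if (profiling) {
        ticks_end = read_ticks();
        delta = ticks_end - ticks_start;
    }
    return delta;
}

/* Helper for callers and tests: set the toggle, then run one evaluation. */
uint64_t run_case(bool start_enabled, bool enable_midway)
{
    profiling_on = start_enabled;
    return evaluate_hardened(enable_midway);
}
int main(void) { return run_case(true, false) == 100 ? 0 : 1; }
```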

