Fix bugs reported by Clang analyzer by crolopez · Pull Request #3887 · wazuh/wazuh

crolopez · 2019-08-27T08:16:23Z

Related issue
#3870

This PR solves the bugs reported by Clang which can be seen in the linked issue.

The reports of dangerous castings to a struct from a non-struct type will be ignored (except for os_net.c). The reason for this is that we need to add strange and confusing code to silent these warnings, which are controlled situations (false positives). These reports cannot be omitted by just adding the #ifndef __clang_analyzer__ expression.

The undesired use of the sizeof function in syscheck_audit.c has been solved by using the size of the memory allocated in the cache variable.

The memory leak in rules.c has been solved by releasing the config_ruleinfo variable with the program flow jumps to cleanup tag in case of error. Fixing this is not dangerous since the error case of this function end in a merror_exit call (the program finishes), and for this reason, it didn't suppose a real memory leak.

The possibly memory leak reported in reports-config.c was a false positive because if os_report_configfilter function returns 0, the memory allocated in ncat is now referenced by another variable. For some reason, Clang analyzer does not verify the function flow. To solve it, the memory allocated for the filter_value parameter is not allocated in the function when arg_type is REPORT_FILTER.

Tests

This will again show false positives in the analysis if the checker alpha.core.CastToStruct is activated. To avoid them we have to mess up the code

If this happened, a merror_exit was executed

If the function returns 0, there is no such memory leak since the memory is still referenced

src/analysisd/rules.c

src/shared/report_op.c

src/syscheckd/syscheck_audit.c

crolopez requested a review from chemamartinez August 27, 2019 09:01

crolopez marked this pull request as ready for review August 27, 2019 09:01

crolopez mentioned this pull request Aug 27, 2019

scan-build 8 reports new minor defects #3870

Closed

crolopez changed the title ~~3870 fix defects~~ Fix bugs reported by Clang analyzer Aug 27, 2019

JuantAldea requested review from JuantAldea and vikman90 September 5, 2019 12:39

JuantAldea self-assigned this Sep 5, 2019

crolopez force-pushed the 3870-fix-defects branch from 9c5a3ae to dae4311 Compare September 5, 2019 13:46

JuantAldea approved these changes Sep 5, 2019 •

edited

Loading

View reviewed changes

JuantAldea requested a review from snaow September 5, 2019 15:10

JuantAldea assigned chemamartinez and vikman90 and unassigned JuantAldea Sep 10, 2019

snaow removed the request for review from vikman90 September 12, 2019 13:26

chemamartinez mentioned this pull request Sep 12, 2019

Remove useless select() calls in Analysisd decoders #3964

Merged

6 tasks

chemamartinez changed the base branch from 3.10 to 3.11 September 18, 2019 10:46

crolopez added 10 commits September 18, 2019 04:00

Avoid a Clang false positive in OS_GetHost function

dbb25c4

Avoid a Clang false positive in os_string function

cb03115

Avoid a Clang false positive in wm_inotify_start function

d77a405

Remove invalid use of sizeof function

6cff046

Re-include casting structures checking in Clang analysis

ff5540e

This will again show false positives in the analysis if the checker alpha.core.CastToStruct is activated. To avoid them we have to mess up the code

Remove duplicated expression

11ec130

Remove potential leak reported by Clang in rules.c

0143298

If this happened, a merror_exit was executed

Remove potential leak reported by Clang in reports-config.c

28a3d65

If the function returns 0, there is no such memory leak since the memory is still referenced

Unify the success conditions in os_report_configfilter function

b3ccae7

Prevent possible de-referencing use in read_controlmsg

e5eae83

chemamartinez force-pushed the 3870-fix-defects branch from 05f6097 to e5eae83 Compare September 18, 2019 11:04

chemamartinez suggested changes Sep 18, 2019

View reviewed changes

src/analysisd/rules.c Show resolved Hide resolved

src/shared/report_op.c Show resolved Hide resolved

src/shared/report_op.c Show resolved Hide resolved

src/syscheckd/syscheck_audit.c Outdated Show resolved Hide resolved

crolopez added 2 commits September 18, 2019 18:09

Fix invalid check in the audit engine

4c11426

Remove brackets from return calls in report_op.c

f2dec4b

Remove useless comment from rules.c

60af81c

chemamartinez mentioned this pull request Sep 19, 2019

check if MANAGER_IP is a valid IP or hostname #3951

Merged

26 tasks

chemamartinez approved these changes Sep 19, 2019

View reviewed changes

chemamartinez merged commit bc8187a into 3.11 Sep 19, 2019

chemamartinez deleted the 3870-fix-defects branch September 19, 2019 13:10

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix bugs reported by Clang analyzer#3887

Fix bugs reported by Clang analyzer#3887
chemamartinez merged 13 commits into3.11from
3870-fix-defects

crolopez commented Aug 27, 2019 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

crolopez commented Aug 27, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Tests

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

crolopez commented Aug 27, 2019 •

edited

Loading