suricata
suricata copied to clipboard
Clean shorterintegers v2
Link to redmine ticket: TODO
Describe changes:
- Use shorter integers for array accesses
As found by CodeQL with https://github.com/github/codeql/pull/8994
This was inspired by 2d765d6c686449e78e29759b07c4852ebab3c46e where one of the root cause for the buffer overflow in SetupU8Hash
was that we were using an int
as an index to an array of size 256
Running CI and looking at what is remaining...
Follows #7409
ERROR:
ERROR: QA failed on ips_afp_drop_chk.
Pipeline 7954
Force-pushing to get a greener CI, and then looking at what is remaining
Codecov Report
Merging #7562 (f00a384) into master (a898409) will decrease coverage by
0.04%
. The diff coverage is90.00%
.
@@ Coverage Diff @@
## master #7562 +/- ##
==========================================
- Coverage 75.80% 75.75% -0.05%
==========================================
Files 658 658
Lines 186526 186525 -1
==========================================
- Hits 141399 141311 -88
- Misses 45127 45214 +87
Flag | Coverage Δ | |
---|---|---|
fuzzcorpus | 59.89% <74.60%> (-0.06%) |
:arrow_down: |
suricata-verify | 52.36% <86.66%> (-0.06%) |
:arrow_down: |
unittests | 60.71% <81.33%> (-0.01%) |
:arrow_down: |
Flags with carried forward coverage won't be shown. Click here to find out more.
ERROR:
ERROR: QA failed on ips_afp_drop_chk.
Pipeline 7959
This draft is ready for review.
I think that the remaining CodeQL notes should not be eliminated (and so the rule should not be added to CI)
WARNING:
field | test | baseline | % |
---|---|---|---|
build_asan |
Pipeline 7961
ERROR:
ERROR: QA failed on ips_afp_drop_chk.
Pipeline 7963
ERROR:
ERROR: QA failed on ips_afp_drop_chk.
Pipeline 7963
Is there an interest for this ?
Closing