Conversation
During fuzzing, UBSan discovered that postfix increments/decrements inside a loop condition are executed after the condition is met. While in most cases loop counter is dropped right after it's been used in some cases where it doesn't it may lead to unexpected behaviour. Yet in both cases loop peforms extra addition/subtraction, which would be nice to eliminate. So the solution is to switch to incremental for loop or nest such counters inside loops so they are executed only if loop termination condition isn't met.
catenacyber
force-pushed
the
Rx1513/loop-underflows/v4
branch
from
60f7be0 to
da3e6f6
Compare
|
@jasonish what do you think about the clang-format report ? Looks wrong to us diff --git a/src/detect.c b/src/detect.c
index beafe60f9c..2f7890516a 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -892,7 +892,7 @@ next:
if (break_out_of_packet_filter) {
break;
}
- }
+} |
|
@Rx513 can you check what I have done wrong in my changes ? |
|
|
||
| continue; |
There was a problem hiding this comment.
What is the hidden effect of continue; before '}' closing the loop ?
There was a problem hiding this comment.
Turns out:
for (; match_cnt > 0; match_cnt--) {
}not equivalent to:
while (match_cnt) {
match_cnt--;
}As in for expression executed after iteration. So either match_cnt should be reduced by one before for or loop expression should be nested.
There was a problem hiding this comment.
Please do a new PR with a better commit title and this fix :-)
|
Also I think commit title should be changed to something more suitable. |
Please do a new version with a better commit title :-) |
Yeah, appears the formatter is confused. |
So, we should ignore it ? |
Probably, unless someone can investigate it. Should only be an error in this PR, and not continue failing. |
|
ERROR: ERROR: QA failed on ASAN_TLPR1_suri. Pipeline = 29809 |
4 participants
Previous PR: #14804
Contribution style:
https://docs.suricata.io/en/latest/devguide/contributing/contribution-process.html
Our Contribution agreements:
https://suricata.io/about/contribution-agreement/ (note: this is only required once)
Changes:
https://redmine.openinfosecfoundation.org/projects/suricata/issues
Link to ticket: https://redmine.openinfosecfoundation.org/issues/8184
Describe changes:
Changes from last PR:
Attaching little reference unit tests, which may be used to inspect difference in generated assembly and results given by changes:
loop_checks.c