CC detect-engine-loader.o
In file included from /usr/include/stdio.h:970,
from suricata-common.h:77,
from detect-engine-loader.c:24:
In function 'fgets',
inlined from 'DetectLoadSigFile' at detect-engine-loader.c:139:11:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:313:12: warning: argument 2 value -1 is negative [-Wstringop-overflow=]
313 | return __fgets_alias (__s, __n, __stream);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/features.h:523,
from /usr/include/dirent.h:25,
from suricata-common.h:73:
/usr/include/x86_64-linux-gnu/bits/stdio2-decl.h: In function 'DetectLoadSigFile':
/usr/include/x86_64-linux-gnu/bits/stdio2-decl.h:96:14: note: in a call to function '__fgets_alias' declared with attribute 'access (write_only, 1, 2)'
96 | extern char *__REDIRECT (__fgets_alias,
| ^~~~~~~~~~
Suppress the following warning:
util-pages.c:49:13: warning: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to exploitable memory regions, which could be overwritten with malicious code [security.MmapWriteExec]
49 | if (mprotect(ptr, getpagesize(), PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
As the check is done to check if the OS allows it or not, for enabling
JIT in pcre.
util-mpm-hs-cache.c:83:25: warning: Value of 'errno' was not checked and may be overwritten by function 'fread' [unix.Errno]
83 | size_t bytes_read = fread(buffer, 1, file_sz, file);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
"After calling 'rewind' reading 'errno' is required to find out if the call has failed".
detect-bytetest.c:523:14: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
523 | if (!DetectBytetestValidateNbytes(data, nbytes, optstr)) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
It generates a `compile_commands.json` suitable for clangd.
This is almost mandatory to have a command like this one for NixOs
users as tool like bear are not able to intercept correctly the
clang calls due to the usage of a wrapper.
Ticket: #7669
By adding a `shell.nix` file in the root directory of the source,
NixOs (https://nixos.org/) users can get a ready for development
environment by simply running `nix-shell` from the source tree.
This is really convenient as the installation of needed packages
is just done as user and transparently for the user/developer.
Ticket: #7669
Track per flow thread id for UDP and other non-TCP protocols. This
improves the timeout handling as the per thread timestamp is used in
offline mode.
Fixes: ada2bfe009 ("flow/worker: improve flow timeout time accuracy")
Fixes: ef396f7509 ("flow/manager: in offline mode, use owning threads time")
Bug #7687.
Ticket: 7665
Instead of each keyword calling DetectSetupDirection, use a
new flag SIGMATCH_SUPPORT_DIR so that DetectSetupDirection gets
called, before parsing the rest of the keyword.
Allows to support filesize keyword in transactional signatures
src/util-debug.c:1562:5: warning: Either the condition 'sc_lid!=NULL' is redundant or there is possible null pointer dereference: sc_lid. [nullPointerRedundantCheck]
sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
^
src/util-debug.c:1569:16: note: Assuming that condition 'sc_lid!=NULL' is not redundant
if (sc_lid != NULL)
^
src/util-debug.c:1562:5: note: Null pointer dereference
sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
^