From e8ab4d3557a178072dbe7855a7a283d3c0943171 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Mon, 23 Dec 2024 22:15:50 +0100 Subject: [PATCH 1/2] devel: add .clang-tidy file By adding this file, code analysis by clang-tidy is now available in LSP compatible editor using clangd. The CustomFunctions option that adds Suricata banned functions in the error list is only available with the (at the time of writing) future clang 20. Ticket: 3837 --- .clang-tidy | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .clang-tidy diff --git a/.clang-tidy b/.clang-tidy new file mode 100644 index 000000000000..eb604220676f --- /dev/null +++ b/.clang-tidy @@ -0,0 +1,30 @@ +--- +Checks: " + bugprone-*, + cert-*, + clang-analyzer-*, + concurrency-*, + misc-*, + modernize-*, + performance-*, + portability-*, + readability-*, + -readability-identifier-length, + -readability-braces-around-statements, + -readability-avoid-const-params-in-decls, + -bugprone-easily-swappable-parameters, +" +WarningsAsErrors: " + bugprone-unsafe-functions, +" +HeaderFileExtensions: + - '' + - 'h' +ImplementationFileExtensions: + - 'c' +FormatStyle: none +CheckOptions: + bugprone-unsafe-functions.ReportDefaultFunctions: 'true' + bugprone-unsafe-functions.ReportMoreUnsafeFunctions: 'true' + bugprone-unsafe-functions.CustomFunctions: '^strtok$,strtok_r;^sprintf$,snprintf;^strcat$,strlcat;^strcpy$,strlcpy;^strncpy$,strlcat;^strncat$,strlcpy;^strndup$,,is OS specific;^strchrnul$;^rand$;^rand_r$;^index$;^rindex$;^bzero$,^memset$' + readability-function-cognitive-complexity.Threshold: 50 From 01321809d7e44b37b025c4270fc85df9b3d36c63 Mon Sep 17 00:00:00 2001 From: Eric Leblond Date: Fri, 27 Dec 2024 09:01:43 +0100 Subject: [PATCH 2/2] util/debug: exit is not thread safe The exit() function is not thread safe and triggers a warning from clang tidy for all FatalError() and FatalErrorAtInit() calls. This patch uses quick_exit instead to only flush the critical IO and not call the static destructors (which are the non thread safe part). --- configure.ac | 5 +++++ src/util-debug.h | 8 ++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index ca964d9039a0..0623de52446c 100644 --- a/configure.ac +++ b/configure.ac @@ -224,6 +224,11 @@ [], [ #include ]) + AC_CHECK_DECL([quick_exit], + AC_DEFINE([HAVE_QUICK_EXIT], [1], [Use quick_exit]), + [], [ + #include + ]) AC_CHECK_HEADERS([malloc.h]) AC_CHECK_DECL([malloc_trim], diff --git a/src/util-debug.h b/src/util-debug.h index cb22e9097389..4fba832ea652 100644 --- a/src/util-debug.h +++ b/src/util-debug.h @@ -499,10 +499,14 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c #endif /* DEBUG */ +#if !HAVE_QUICK_EXIT +#define quick_exit exit +#endif + #define FatalError(...) \ do { \ SCLogError(__VA_ARGS__); \ - exit(EXIT_FAILURE); \ + quick_exit(EXIT_FAILURE); \ } while (0) /** \brief Fatal error IF we're starting up, and configured to consider @@ -515,7 +519,7 @@ void SCLogErr(int x, const char *file, const char *func, const int line, const c (void)ConfGetBool("engine.init-failure-fatal", &init_errors_fatal); \ if (init_errors_fatal && (SC_ATOMIC_GET(engine_stage) == SURICATA_INIT)) { \ SCLogError(__VA_ARGS__); \ - exit(EXIT_FAILURE); \ + quick_exit(EXIT_FAILURE); \ } \ SCLogWarning(__VA_ARGS__); \ } while (0)