CI: update list of compilers (#2223)

Try using latest gcc and clang versions.
We still care about RHEL7: since handling a RHEL7 runner on GitHub is
quite complex, let try to use a similar version of gcc, at least

.github/workflows/build.yml

@@ -89,15 +89,15 @@ jobs:
         nBPF: [""]
         lto_gold_linker: [""]
         include:
-          - compiler: "gcc-7" # "Oldest" gcc easily available
+          - compiler: "gcc-4.9" # "Oldest" gcc easily available. To simulate RHEL7
             os: ubuntu-20.04
             arch: "x86_64"
             gcrypt: ""
             pcre: "--with-pcre2"
             maxminddb: "--with-maxminddb"
             msan: "--with-sanitizer"
             nBPF: ""
-          - compiler: "gcc-12" # "Newest" gcc easily available
+          - compiler: "gcc-13" # "Newest" gcc easily available
             os: ubuntu-22.04
             arch: "x86_64"
             gcrypt: ""
@@ -114,9 +114,9 @@ jobs:
             maxminddb: "--with-maxminddb"
             msan: "--with-sanitizer"
             nBPF: ""
-          - compiler: "clang-14" # "Newest" clang easily available
-            ar: "llvm-ar-14"
-            ranlib: "llvm-ranlib-14"
+          - compiler: "clang-17" # "Newest" clang easily available
+            ar: "llvm-ar-17"
+            ranlib: "llvm-ranlib-17"
             os: ubuntu-22.04
             arch: "x86_64"
             gcrypt: ""
@@ -141,7 +141,7 @@ jobs:
             maxminddb: "--with-maxminddb"
             msan: "--with-sanitizer"
             nBPF: "nBPF"
-          - compiler: "clang-14"
+          - compiler: "clang-17"
             os: ubuntu-22.04
             arch: "x86_64"
             gcrypt: ""
@@ -226,9 +226,22 @@ jobs:
           make
           cd -
       - name: Setup Ubuntu specified compiler
-        if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && ! startsWith(matrix.compiler, 'cc')
-        run: |
+        if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && ! startsWith(matrix.compiler, 'cc') && ! startsWith(matrix.compiler, 'clang-17')
+        run: |
+          #For gcc-4.9 (on ubuntu-20.04)
+          echo "deb http://dk.archive.ubuntu.com/ubuntu/ xenial main" | sudo tee -a /etc/apt/sources.list
+          echo "deb http://dk.archive.ubuntu.com/ubuntu/ xenial universe" | sudo tee -a /etc/apt/sources.list
+          sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
+          #For gcc-13 (on ubuntu-22.04)
+          sudo add-apt-repository ppa:ubuntu-toolchain-r/ppa
+          sudo apt-get update
           sudo apt-get install ${{ matrix.compiler }}
+      - name: Setup Ubuntu specified (newest) compiler
+        if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && startsWith(matrix.compiler, 'clang-17')
+        run: |
+          wget https://apt.llvm.org/llvm.sh
+          chmod u+x llvm.sh
+          sudo ./llvm.sh 17
       - name: Install Windows msys2 prerequisites
         if: startsWith(matrix.os, 'windows')
         uses: msys2/setup-msys2@v2

configure.ac

@@ -64,8 +64,14 @@ AS_IF([test "${with_sanitizer+set}" = set -o "${with_thread_sanitizer+set}" = se
 ])
 
 AS_IF([test "${with_sanitizer+set}" = set],[
-  NDPI_CFLAGS="${NDPI_CFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak -fno-omit-frame-pointer"
-  NDPI_LDFLAGS="${NDPI_LDFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak"
+  NDPI_CFLAGS="${NDPI_CFLAGS} -fsanitize=address -fsanitize=undefined -fsanitize=leak -fno-omit-frame-pointer"
+  NDPI_LDFLAGS="${NDPI_LDFLAGS} -fsanitize=address -fsanitize=undefined -fsanitize=leak"
+  #Sanitizers should work on any compilers that we support (or that we test on CI, at least)
+  #Exception: "-fsanitize=alignment" is not supported in gcc 4.9
+  AX_CHECK_COMPILE_FLAG([-fno-sanitize=alignment], [
+    NDPI_CFLAGS="${NDPI_CFLAGS} -fno-sanitize=alignment"
+    NDPI_LDFLAGS="${NDPI_LDFLAGS} -fno-sanitize=alignment"
+  ])
 ])
 
 AS_IF([test "${with_thread_sanitizer+set}" = set],[

example/ndpiSimpleIntegration.c

@@ -230,6 +230,7 @@ static void ndpi_flow_info_freer(void * const node)
 static void free_workflow(struct nDPI_workflow ** const workflow)
 {
   struct nDPI_workflow * const w = *workflow;
+  size_t i;
 
   if (w == NULL) {
     return;
@@ -243,7 +244,7 @@ static void free_workflow(struct nDPI_workflow ** const workflow)
   if (w->ndpi_struct != NULL) {
     ndpi_exit_detection_module(w->ndpi_struct);
   }
-  for(size_t i = 0; i < w->max_active_flows; i++) {
+  for(i = 0; i < w->max_active_flows; i++) {
     ndpi_tdestroy(w->ndpi_flows_active[i], ndpi_flow_info_freer);
   }
   ndpi_free(w->ndpi_flows_active);
@@ -272,6 +273,7 @@ static int setup_reader_threads(char const * const file_or_device)
 {
   char * file_or_default_device;
   char pcap_error_buffer[PCAP_ERRBUF_SIZE];
+  int i;
 
   if (reader_thread_count > MAX_READER_THREADS) {
     return 1;
@@ -290,7 +292,7 @@ static int setup_reader_threads(char const * const file_or_device)
     }
   }
 
-  for (int i = 0; i < reader_thread_count; ++i) {
+  for (i = 0; i < reader_thread_count; ++i) {
     reader_threads[i].workflow = init_workflow(file_or_default_device);
     if (reader_threads[i].workflow == NULL)
       {
@@ -500,8 +502,10 @@ static int ndpi_workflow_node_cmp(void const * const A, void const * const B) {
 
 static void check_for_idle_flows(struct nDPI_workflow * const workflow)
 {
+  size_t idle_scan_index;
+
   if (workflow->last_idle_scan_time + IDLE_SCAN_PERIOD < workflow->last_time) {
-    for (size_t idle_scan_index = 0; idle_scan_index < workflow->max_active_flows; ++idle_scan_index) {
+    for (idle_scan_index = 0; idle_scan_index < workflow->max_active_flows; ++idle_scan_index) {
       ndpi_twalk(workflow->ndpi_flows_active[idle_scan_index], ndpi_idle_scan_walker, workflow);
 
       while (workflow->cur_idle_flows > 0) {
@@ -530,7 +534,7 @@ static void ndpi_process_packet(uint8_t * const args,
   struct nDPI_reader_thread * const reader_thread =
     (struct nDPI_reader_thread *)args;
   struct nDPI_workflow * workflow;
-  struct nDPI_flow_info flow = {};
+  struct nDPI_flow_info flow;
 
   size_t hashed_index;
   void * tree_result;
@@ -551,6 +555,8 @@ static void ndpi_process_packet(uint8_t * const args,
   uint16_t type;
   uint32_t thread_index = INITIAL_THREAD_HASH; // generated with `dd if=/dev/random bs=1024 count=1 |& hd'
 
+  memset(&flow, '\0', sizeof(flow));
+
   if (reader_thread == NULL) {
     return;
   }
@@ -1028,7 +1034,9 @@ static void * processing_thread(void * const ndpi_thread_arg)
 
 static int processing_threads_error_or_eof(void)
 {
-  for (int i = 0; i < reader_thread_count; ++i) {
+  int i;
+
+  for (i = 0; i < reader_thread_count; ++i) {
     if (__sync_fetch_and_add(&reader_threads[i].workflow->error_or_eof, 0) == 0) {
       return 0;
     }
@@ -1038,6 +1046,8 @@ static int processing_threads_error_or_eof(void)
 
 static int start_reader_threads(void)
 {
+  int i;
+
 #ifndef WIN32
   sigset_t thread_signal_set, old_signal_set;
 
@@ -1050,7 +1060,7 @@ static int start_reader_threads(void)
   }
 #endif
 
-  for (int i = 0; i < reader_thread_count; ++i) {
+  for (i = 0; i < reader_thread_count; ++i) {
     reader_threads[i].array_index = i;
 
     if (reader_threads[i].workflow == NULL) {
@@ -1076,20 +1086,21 @@ static int start_reader_threads(void)
 
 static int stop_reader_threads(void)
 {
+  int i;
   unsigned long long int total_packets_captured = 0;
   unsigned long long int total_packets_processed = 0;
   unsigned long long int total_l4_data_len = 0;
   unsigned long long int total_flows_captured = 0;
   unsigned long long int total_flows_idle = 0;
   unsigned long long int total_flows_detected = 0;
 
-  for (int i = 0; i < reader_thread_count; ++i) {
+  for (i = 0; i < reader_thread_count; ++i) {
     break_pcap_loop(&reader_threads[i]);
   }
 
   printf("------------------------------------ Stopping reader threads\n");
 
-  for (int i = 0; i < reader_thread_count; ++i) {
+  for (i = 0; i < reader_thread_count; ++i) {
     if (reader_threads[i].workflow == NULL) {
       continue;
     }
@@ -1114,7 +1125,7 @@ static int stop_reader_threads(void)
   /* total packets captured: same value for all threads as packet2thread distribution happens later */
   total_packets_captured = reader_threads[0].workflow->packets_captured;
 
-  for (int i = 0; i < reader_thread_count; ++i) {
+  for (i = 0; i < reader_thread_count; ++i) {
     if (reader_threads[i].workflow == NULL) {
       continue;
     }

src/lib/ndpi_utils.c

@@ -1708,9 +1708,9 @@ static int ndpi_is_xss_injection(char* query) {
 static void ndpi_compile_rce_regex() {
   PCRE2_UCHAR pcreErrorStr[128];
   PCRE2_SIZE pcreErrorOffset;
-  int pcreErrorCode;
+  int i, pcreErrorCode = 0;
 
-  for(int i = 0; i < N_RCE_REGEX; i++) {
+  for(i = 0; i < N_RCE_REGEX; i++) {
     comp_rx[i] = (struct pcre2_struct*)ndpi_malloc(sizeof(struct pcre2_struct));
 
     comp_rx[i]->compiled = pcre2_compile((PCRE2_SPTR)rce_regex[i], PCRE2_ZERO_TERMINATED, 0, &pcreErrorCode,
@@ -1746,9 +1746,10 @@ static int ndpi_is_rce_injection(char* query) {
   }
 
   pcre2_match_data *pcreMatchData;
-  int pcreExecRet;
+  int i, pcreExecRet;
+  unsigned long j;
 
-  for(int i = 0; i < N_RCE_REGEX; i++) {
+  for(i = 0; i < N_RCE_REGEX; i++) {
     unsigned int length = strlen(query);
 
     pcreMatchData = pcre2_match_data_create_from_pattern(comp_rx[i]->compiled, NULL);
@@ -1789,16 +1790,16 @@ static int ndpi_is_rce_injection(char* query) {
 
   size_t ushlen = sizeof(ush_commands) / sizeof(ush_commands[0]);
 
-  for(unsigned long i = 0; i < ushlen; i++) {
-    if(strstr(query, ush_commands[i]) != NULL) {
+  for(j = 0; j < ushlen; j++) {
+    if(strstr(query, ush_commands[j]) != NULL) {
       return 1;
     }
   }
 
   size_t pwshlen = sizeof(pwsh_commands) / sizeof(pwsh_commands[0]);
 
-  for(unsigned long i = 0; i < pwshlen; i++) {
-    if(strstr(query, pwsh_commands[i]) != NULL) {
+  for(j = 0; j < pwshlen; j++) {
+    if(strstr(query, pwsh_commands[j]) != NULL) {
       return 1;
     }
   }