Merge remote-tracking branch 'origin/topic/timw/coverity'

* origin/topic/timw/coverity:
  Add a few std::moves to fix Coverity warnings
  Fix possible memory leak in broker::Manager
  fixup! Use SCN* constants when reading into sized integer types
  from_json: Statically lookup err index in result type
  Use SCN* constants when reading into sized integer types
  Remove setting unused variable value in FTP::parse_eftp

CHANGES

@@ -1,3 +1,17 @@
+8.0.0-dev.259 | 2025-05-27 12:49:05 -0700
+
+  * Add a few std::moves to fix Coverity warnings (Tim Wojtulewicz, Corelight)
+
+  * Fix possible memory leak in broker::Manager (Tim Wojtulewicz, Corelight)
+
+  * fixup! Use SCN* constants when reading into sized integer types (Tim Wojtulewicz, Corelight)
+
+  * from_json: Statically lookup err index in result type (Tim Wojtulewicz, Corelight)
+
+  * Use SCN* constants when reading into sized integer types (Tim Wojtulewicz, Corelight)
+
+  * Remove setting unused variable value in FTP::parse_eftp (Tim Wojtulewicz, Corelight)
+
 8.0.0-dev.252 | 2025-05-27 11:59:00 -0700
 
   * Update .clang-tidy to have bugprone-* enabled with some exclusions (Tim Wojtulewicz, Corelight)

VERSION

@@ -1 +1 @@
-8.0.0-dev.252
+8.0.0-dev.259

src/DNS_Mapping.cc

@@ -48,7 +48,7 @@ DNS_Mapping::DNS_Mapping(FILE* f) {
     int failed_local;
     int num_addrs;
 
-    if ( sscanf(buf, "%lf %d %512s %d %512s %d %d %" PRIu32, &creation_time, &is_req_host, req_buf, &failed_local,
+    if ( sscanf(buf, "%lf %d %512s %d %512s %d %d %" SCNu32, &creation_time, &is_req_host, req_buf, &failed_local,
                 name_buf, &req_type, &num_addrs, &req_ttl) != 8 ) {
         no_mapping = true;
         return;

src/DebugLogger.cc

@@ -113,7 +113,7 @@ void DebugLogger::EnableStreams(const char* s) {
         if ( util::starts_with(ltok, "plugin-") ) {
             // Cannot verify this at this time, plugins may not
             // have been loaded.
-            enabled_streams.insert(ltok);
+            enabled_streams.insert(std::move(ltok));
             goto next;
         }
 

src/Func.cc

@@ -866,7 +866,7 @@ static std::set<EventGroupPtr> get_func_groups(const std::vector<AttrPtr>& attrs
         }
 
         auto group = event_registry->RegisterGroup(EventGroupKind::Attribute, v->AsStringVal()->ToStdStringView());
-        groups.insert(group);
+        groups.insert(std::move(group));
     }
 
     return groups;

src/analyzer/protocol/bittorrent/BitTorrentTracker.cc

@@ -11,8 +11,8 @@
 #include "zeek/analyzer/protocol/bittorrent/events.bif.h"
 #include "zeek/analyzer/protocol/tcp/TCP_Reassembler.h"
 
-#define FMT_INT "%" PRId64
-#define FMT_UINT "%" PRIu64
+#define FMT_INT "%" SCNd64
+#define FMT_UINT "%" SCNu64
 
 namespace zeek::analyzer::bittorrent {
 

src/analyzer/protocol/ftp/functions.bif

@@ -76,10 +76,7 @@ static zeek::RecordValPtr parse_eftp(const char* line)
 				{
 				const char* nptr = strchr(line, delimiter);
 				if ( nptr == NULL )
-					{
 					nptr = line + strlen(line);
-					good = false;
-					}
 
 				std::string s(line, nptr-line); // extract IP address
 				struct in6_addr result;

src/broker/Manager.cc

@@ -2094,13 +2094,15 @@ detail::StoreHandleVal* Manager::MakeClone(const string& name, double resync_int
     }
 
     auto handle = new detail::StoreHandleVal{*result};
-    Ref(handle);
 
     if ( ! handle->proxy.valid() ) {
         reporter->Error("Failed to create clone for data store %s", name.c_str());
+        delete handle;
         return nullptr;
     }
 
+    Ref(handle);
+
     data_stores.emplace(name, handle);
     if ( ! iosource_mgr->RegisterFd(handle->proxy.mailbox().descriptor(), this) )
         reporter->FatalError("Failed to register broker clone mailbox descriptor with iosource_mgr");

src/logging/Manager.cc

@@ -811,7 +811,7 @@ bool Manager::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt, Tab
         }
 
         // Alright, we want this field.
-        filter->indices.push_back(new_indices);
+        filter->indices.push_back(std::move(new_indices));
 
         // Static cast this to void* to avoid a clang-tidy warning about converting from the
         // double-pointer to void*

src/zeek.bif

@@ -11,7 +11,7 @@
 #include <sys/stat.h>
 
 #include <algorithm>
-#include <cmath>
+#include <cinttypes>
 #include <cmath>
 #include <cstdio>
 #include <cstring>
@@ -3299,10 +3299,11 @@ function ptr_name_to_addr%(s: string%): addr
 		uint32_t b[32];
 		char ss[9]; // this will contain "ip6.arpa"
 		if ( sscanf(s->CheckString(),
-			"%1x.%1x.%1x.%1x.%1x.%1x.%1x.%1x."
-			"%1x.%1x.%1x.%1x.%1x.%1x.%1x.%1x."
-			"%1x.%1x.%1x.%1x.%1x.%1x.%1x.%1x."
-			"%1x.%1x.%1x.%1x.%1x.%1x.%1x.%1x.%8s",
+			"%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32
+			".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32
+			".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32
+			".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32 ".%1" SCNx32
+            ".%8s",
 			b+31, b+30, b+29, b+28, b+27, b+26, b+25, b+24,
 			b+23, b+22, b+21, b+20, b+19, b+18, b+17, b+16,
 			b+15, b+14, b+13, b+12, b+11, b+10, b+9, b+8,
@@ -5319,6 +5320,7 @@ function from_json%(s: string, t: any, key_func: string_mapper &default=from_jso
 	static auto result_type = zeek::id::find_type<RecordType>("from_json_result");
 	static auto v_idx = result_type->FieldOffset("v");
 	static auto valid_idx = result_type->FieldOffset("valid");
+	static auto err_idx = result_type->FieldOffset("err");
 	static auto default_key_func_ptr = zeek::id::find_func("from_json_default_key_mapper");
 
 	auto rval = zeek::make_intrusive<RecordVal>(result_type);
@@ -5347,7 +5349,7 @@ function from_json%(s: string, t: any, key_func: string_mapper &default=from_jso
 	else
 		{
 		rval->Assign(valid_idx, false);
-                rval->Assign(result_type->FieldOffset("err"), res.error().c_str());
+		rval->Assign(err_idx, res.error().c_str());
 		}
 
 	return std::move(rval);