CI: update list of compilers

Try using latest gcc and clang versions.
We still care about RHEL7: since handling a RHEL7 runner on GitHub is
quite complex, let try to use a similar version of gcc, at least

Author: IvanNardi

.github/workflows/build.yml

@@ -89,15 +89,15 @@ jobs:
         nBPF: [""]
         lto_gold_linker: [""]
         include:
-          - compiler: "gcc-7" # "Oldest" gcc easily available
+          - compiler: "gcc-4.9" # "Oldest" gcc easily available. To simulate RHEL7
             os: ubuntu-20.04
             arch: "x86_64"
             gcrypt: ""
             pcre: "--with-pcre2"
             maxminddb: "--with-maxminddb"
             msan: "--with-sanitizer"
             nBPF: ""
-          - compiler: "gcc-12" # "Newest" gcc easily available
+          - compiler: "gcc-13" # "Newest" gcc easily available
             os: ubuntu-22.04
             arch: "x86_64"
             gcrypt: ""
@@ -114,9 +114,9 @@ jobs:
             maxminddb: "--with-maxminddb"
             msan: "--with-sanitizer"
             nBPF: ""
-          - compiler: "clang-14" # "Newest" clang easily available
-            ar: "llvm-ar-14"
-            ranlib: "llvm-ranlib-14"
+          - compiler: "clang-17" # "Newest" clang easily available
+            ar: "llvm-ar-17"
+            ranlib: "llvm-ranlib-17"
             os: ubuntu-22.04
             arch: "x86_64"
             gcrypt: ""
@@ -141,7 +141,7 @@ jobs:
             maxminddb: "--with-maxminddb"
             msan: "--with-sanitizer"
             nBPF: "nBPF"
-          - compiler: "clang-14"
+          - compiler: "clang-17"
             os: ubuntu-22.04
             arch: "x86_64"
             gcrypt: ""
@@ -226,9 +226,22 @@ jobs:
           make
           cd -
       - name: Setup Ubuntu specified compiler
-        if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && ! startsWith(matrix.compiler, 'cc')
-        run: |
+        if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && ! startsWith(matrix.compiler, 'cc') && ! startsWith(matrix.compiler, 'clang-17')
+        run: |
+          #For gcc-4.9 (on ubuntu-20.04)
+          echo "deb http://dk.archive.ubuntu.com/ubuntu/ xenial main" | sudo tee -a /etc/apt/sources.list
+          echo "deb http://dk.archive.ubuntu.com/ubuntu/ xenial universe" | sudo tee -a /etc/apt/sources.list
+          sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 40976EAF437D05B5
+          #For gcc-13 (on ubuntu-22.04)
+          sudo add-apt-repository ppa:ubuntu-toolchain-r/ppa
+          sudo apt-get update
           sudo apt-get install ${{ matrix.compiler }}
+      - name: Setup Ubuntu specified (newest) compiler
+        if: startsWith(matrix.os, 'ubuntu') && startsWith(matrix.arch, 'x86_64') && startsWith(matrix.compiler, 'clang-17')
+        run: |
+          wget https://apt.llvm.org/llvm.sh
+          chmod u+x llvm.sh
+          sudo ./llvm.sh 17
       - name: Install Windows msys2 prerequisites
         if: startsWith(matrix.os, 'windows')
         uses: msys2/setup-msys2@v2

configure.ac

@@ -64,8 +64,14 @@ AS_IF([test "${with_sanitizer+set}" = set -o "${with_thread_sanitizer+set}" = se
 ])
 
 AS_IF([test "${with_sanitizer+set}" = set],[
-  NDPI_CFLAGS="${NDPI_CFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak -fno-omit-frame-pointer"
-  NDPI_LDFLAGS="${NDPI_LDFLAGS} -fsanitize=address -fsanitize=undefined -fno-sanitize=alignment -fsanitize=leak"
+  NDPI_CFLAGS="${NDPI_CFLAGS} -fsanitize=address -fsanitize=undefined -fsanitize=leak -fno-omit-frame-pointer"
+  NDPI_LDFLAGS="${NDPI_LDFLAGS} -fsanitize=address -fsanitize=undefined -fsanitize=leak"
+  #Sanitizers should work on any compilers that we support (or that we test on CI, at least)
+  #Exception: "-fsanitize=alignment" is not supported in gcc 4.9
+  AX_CHECK_COMPILE_FLAG([-fno-sanitize=alignment], [
+    NDPI_CFLAGS="${NDPI_CFLAGS} -fno-sanitize=alignment"
+    NDPI_LDFLAGS="${NDPI_LDFLAGS} -fno-sanitize=alignment"
+  ])
 ])
 
 AS_IF([test "${with_thread_sanitizer+set}" = set],[

src/lib/ndpi_utils.c

@@ -1708,9 +1708,9 @@ static int ndpi_is_xss_injection(char* query) {
 static void ndpi_compile_rce_regex() {
   PCRE2_UCHAR pcreErrorStr[128];
   PCRE2_SIZE pcreErrorOffset;
-  int pcreErrorCode;
+  int i, pcreErrorCode;
 
-  for(int i = 0; i < N_RCE_REGEX; i++) {
+  for(i = 0; i < N_RCE_REGEX; i++) {
     comp_rx[i] = (struct pcre2_struct*)ndpi_malloc(sizeof(struct pcre2_struct));
 
     comp_rx[i]->compiled = pcre2_compile((PCRE2_SPTR)rce_regex[i], PCRE2_ZERO_TERMINATED, 0, &pcreErrorCode,
@@ -1746,9 +1746,10 @@ static int ndpi_is_rce_injection(char* query) {
   }
 
   pcre2_match_data *pcreMatchData;
-  int pcreExecRet;
+  int i, pcreExecRet;
+  unsigned long j;
 
-  for(int i = 0; i < N_RCE_REGEX; i++) {
+  for(i = 0; i < N_RCE_REGEX; i++) {
     unsigned int length = strlen(query);
 
     pcreMatchData = pcre2_match_data_create_from_pattern(comp_rx[i]->compiled, NULL);
@@ -1789,16 +1790,16 @@ static int ndpi_is_rce_injection(char* query) {
 
   size_t ushlen = sizeof(ush_commands) / sizeof(ush_commands[0]);
 
-  for(unsigned long i = 0; i < ushlen; i++) {
-    if(strstr(query, ush_commands[i]) != NULL) {
+  for(j = 0; j < ushlen; i++) {
+    if(strstr(query, ush_commands[j]) != NULL) {
       return 1;
     }
   }
 
   size_t pwshlen = sizeof(pwsh_commands) / sizeof(pwsh_commands[0]);
 
-  for(unsigned long i = 0; i < pwshlen; i++) {
-    if(strstr(query, pwsh_commands[i]) != NULL) {
+  for(j = 0; j < pwshlen; i++) {
+    if(strstr(query, pwsh_commands[j]) != NULL) {
       return 1;
     }
   }