From 4f5900f9cf0de623fbbabc7e712e9bf28cf3151c Mon Sep 17 00:00:00 2001
From: Coleman Kane
Date: Thu, 4 Nov 2021 21:20:57 -0400
Subject: [PATCH 1/2] Initialize inner struct with its own brackets

The existing code threw on error on newer clang and gcc versions where -Werror was enabled, as the compiler wants a set of brackets present in the initialization value for each container level in the lvalue's data type. This change replaces the {0,} initializations with {{0}}, which satisfies the compiler warnings.
---
 UnitTests/rules.cpp | 2 +-
 eventsCommon.cpp | 16 ++++++++--------
 xml.cpp | 4 ++--
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/UnitTests/rules.cpp b/UnitTests/rules.cpp
index b514cd4..3982872 100644
--- a/UnitTests/rules.cpp
+++ b/UnitTests/rules.cpp
@@ -2223,7 +2223,7 @@ TEST( Rules, ProcessEventRules )
 SCOPED_TRACE( fieldValues.Description );
 PWCHAR ruleName = NULL;
 LARGE_INTEGER eventTime;
- SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = { (NativeTypes)0 };
+ SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {{(NativeTypes) 0}};
 // Set all fields in the event buffer, the rest won't be available.
 for( auto& field : fieldValues.Fields ) {
diff --git a/eventsCommon.cpp b/eventsCommon.cpp
index cda4ab9..94c052d 100644
--- a/eventsCommon.cpp
+++ b/eventsCommon.cpp
@@ -510,7 +510,7 @@ void GenerateUniqueSGUID(
 )
 {
 GUID g;
- LARGE_INTEGER timestamp = {0,};
+ LARGE_INTEGER timestamp = {{0}};
 #if defined _WIN64 || defined _WIN32
 NTSTATUS status;
 PSECURITY_LOGON_SESSION_DATA sessionData;
@@ -2114,7 +2114,7 @@ ProcessEventRulesDry(
 )
 {
 ULONG index;
- EVENT_DATA_DESCRIPTOR output[SYSMON_MAX_EVENT_Fields] = {0,};
+ EVENT_DATA_DESCRIPTOR output[SYSMON_MAX_EVENT_Fields] = {{0}};
 RuleDefaultType ret;
 ret = ProcessEventRules( EventTime, EventType, EventBuffer, EventData, output, RuleName, NULL );
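Review bot: The `{{0}}` spelling ties each initializer to the nesting depth of a type whose definition is not in the hunk, starting with `eventBuffer` in `TEST( Rules, ProcessEventRules )`, which also still needs the `(NativeTypes)` cast to compile. An empty initializer, `SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {};`, value-initializes every element whatever the layout and should stay quiet under the same warning flags because it names no member at all. The same applies to the other declarations this patch touches in eventsCommon.cpp (`timestamp`, `output`, `Output`, and the `eventBuffer` arrays in `DispatchEvent`, `NetworkEvent`, `SendStateEvent` and `SendConfigEvent`) and in xml.cpp (`baseRule`, `addRules`). These descriptor arrays are only partly filled before use (the test comment says the unset fields "won't be available"), so the zeroing is what keeps unset slots from carrying stale stack contents into the event path, and `= {}` keeps that guarantee without the depth coupling.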
@@ -2172,12 +2172,12 @@ EventProcess(
 RuleDefaultType ruleDefault;
 DWORD error = ERROR_SUCCESS;
 InTypes outputType;
- EVENT_DATA_DESCRIPTOR Output[SYSMON_MAX_EVENT_Fields] = {0,};
+ EVENT_DATA_DESCRIPTOR Output[SYSMON_MAX_EVENT_Fields] = {{0}};
 LARGE_INTEGER currentTime;
 PLARGE_INTEGER eventTime = NULL;
 PWCHAR ruleName = NULL;
 #if defined _WIN64 || defined _WIN32
- PTCHAR OutStr[SYSMON_MAX_EVENT_Fields] = {0,};
+ PTCHAR OutStr[SYSMON_MAX_EVENT_Fields] = {{0}};
 #elif defined __linux__
 size_t eventMax = 65536;
 char event[eventMax];
@@ -2666,7 +2666,7 @@ DWORD DispatchEvent(
 PTCHAR companyName, fileVersion, productName, fileDescription, originalFileName;
 PTCHAR id = NULL, message = NULL;
 GUID guid;
- SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {(NativeTypes) 0};
+ SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {{(NativeTypes) 0}};
 PSYSMON_PROCESS_ACCESS processAccess;
 PSYSMON_EVENT_TYPE_FMT eventType;
 PSYSMON_FILE_DELETE fileDelete;
@@ -3244,7 +3244,7 @@ DWORD NetworkEvent(
 _In_ const TCHAR* dstPortname
 )
 {
- SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {(NativeTypes) 0};
+ SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {{(NativeTypes) 0}};
 EventSetFieldX( eventBuffer, F_NC_UtcTime, N_LargeTime, *Time );
 EventSetFieldX( eventBuffer, F_NC_ProcessGuid, N_ProcessId, OwnerPID );
@@ -3281,7 +3281,7 @@ DWORD SendStateEvent(
 _In_ PTCHAR FileVersion
 )
 {
- SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {(NativeTypes) 0};
+ SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {{(NativeTypes) 0}};
 TCHAR schemaVersion[64];
 _stprintf_s( schemaVersion, _countof(schemaVersion), _T("%.2f"), TO_DOUBLE( ConfigurationVersion ) );
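Review bot: In the `EventProcess` hunk, `PTCHAR OutStr[SYSMON_MAX_EVENT_Fields] = {{0}};` puts the inner braces around a scalar: assuming `PTCHAR` is the usual pointer typedef, the elements are pointers rather than aggregates, so there is no inner container level for the second brace to match. That is still legal C++, but clang has a braces-around-scalar diagnostic (`-Wbraced-scalar-init`) that would fail a `-Werror` build, and the line sits under `#if defined _WIN64 || defined _WIN32`, so a Linux build would not have exercised it. `PTCHAR OutStr[SYSMON_MAX_EVENT_Fields] = {NULL};` or `= {}` null-initializes every pointer without the extra brace. The body of `EventProcess` begins and ends outside the hunk.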
@@ -3305,7 +3305,7 @@ DWORD SendConfigEvent(
 _In_ PTCHAR ConfigHash
 )
 {
- SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = { (NativeTypes) 0 };
+ SYSMON_DATA_DESCRIPTOR eventBuffer[SYSMON_MAX_EVENT_Fields] = {{(NativeTypes) 0}};
 EventSetFieldS( eventBuffer, F_SCC_Configuration, ConfigPath, FALSE );
 EventSetFieldS( eventBuffer, F_SCC_ConfigurationFileHash, ConfigHash ? ConfigHash : _T(""), FALSE );
diff --git a/xml.cpp b/xml.cpp
index 8175b32..888dd08 100644
--- a/xml.cpp
+++ b/xml.cpp
@@ -312,7 +312,7 @@ class RuleBuilder
 // No entry so the blob is not set // D_ASSERT( blob == NULL );
- RULE_REG_EXT baseRule = {0,};
+ RULE_REG_EXT baseRule = {{0}};
 baseRule.header.Version = blobVersion;
 baseRule.RuleRegSize = sizeof(baseRule);
@@ -1056,7 +1056,7 @@ ApplyConfigurationFile(
 ULONG version = 0;
 PCONFIGURATION_OPTION_TYPE option;
 PSYSMON_EVENT_TYPE_FMT rule = NULL;
- ADD_RULES addRules[10] = {0,};
+ ADD_RULES addRules[10] = {{0}};
 ULONG aggregationId = 0;
 #if defined _WIN64 || defined _WIN32
 char fileName[MAX_PATH];
From d9c6c2e15b0aeb4e335cb77e76eb1d05ced6f0f3 Mon Sep 17 00:00:00 2001
From: Coleman Kane
Date: Thu, 4 Nov 2021 21:25:40 -0400
Subject: [PATCH 2/2] Cast prevLastEventOffset to ulong before comparison

This needs to be an unsigned integer before we can perform the comparison, in order to satisfy a compiler warning about signedness.
---
 xml.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xml.cpp b/xml.cpp
index 888dd08..ab9e718 100644
--- a/xml.cpp
+++ b/xml.cpp
@@ -353,7 +353,7 @@ class RuleBuilder
 HRESULT UndoEventAdd()
 {
- if( lastEventOffset == 0 || prevLastEventOffset == ULONG_MAX ) {
+ if( lastEventOffset == 0 || (unsigned long)prevLastEventOffset == ULONG_MAX ) {
 // Can't undo more than the very last event (no undo history).
 return E_OUTOFMEMORY;