From f333a528f36657ea6ec2df3b5fbd9a06c78c2dc3 Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Wed, 3 Sep 2025 18:38:11 +0200
Subject: [PATCH] stream: workaround scan-build warnings

stream-tcp.c:1938:16: warning: Access to field 'next' results in a dereference of a null pointer (loaded from variable 'tail') [core.NullDereference]
 1938 |     tail->next = old_head;
      |     ~~~~       ^
1 warning generated.

stream-tcp.c:1982:5: warning: Potential leak of memory pointed to by 'q' [unix.Malloc]
 1982 |     ssn->queue_len++;
      |     ^~~
1 warning generated.
---
 src/stream-tcp.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/stream-tcp.c b/src/stream-tcp.c
index cc49cb3fcc..d366828fe6 100644
--- a/src/stream-tcp.c
+++ b/src/stream-tcp.c
@@ -1951,7 +1951,8 @@ static int StreamTcp3whsStoreSyn(TcpSession *ssn, Packet *p)
     if (ssn->queue != NULL && StreamTcp3whsFindSyn(ssn, &search, &tail, false) != NULL)
         return 0;
 
-    if (ssn->queue_len == stream_config.max_syn_queued) {
+    if (ssn->queue_len > 0 && ssn->queue_len == stream_config.max_syn_queued) {
+        DEBUG_VALIDATE_BUG_ON(ssn->queue == NULL);
         SCLogDebug("%" PRIu64 ": ssn %p: =~ SYN queue limit reached, rotate", p->pcap_cnt, ssn);
         StreamTcpSetEvent(p, STREAM_3WHS_SYN_FLOOD);
 
@@ -1974,10 +1975,12 @@ static int StreamTcp3whsStoreSyn(TcpSession *ssn, Packet *p)
 
     *q = search;
     /* put in list */
-    if (tail)
+    if (tail) {
         tail->next = q;
-    if (ssn->queue == NULL)
+    } else {
+        DEBUG_VALIDATE_BUG_ON(ssn->queue != NULL);
         ssn->queue = q;
+    }
     ssn->queue_len++;
     SCLogDebug("%" PRIu64 ": ssn %p: =~ SYN with SEQ %u added (queue_len %u)", p->pcap_cnt, ssn,
             q->seq, ssn->queue_len);