Project

General

Profile

Actions
Copy link

Bug #1843

closed
IH SS

Mpm Ac: int overflow during init

Bug #1843: Mpm Ac: int overflow during init

Added by i3 here almost 10 years ago. Updated about 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Sascha Steinbiss
Target version:
3.2.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

SCRealloc failed: Cannot allocate memory, while trying to allocate 18446744071562067968 bytes

in fuction SCACBSInitNewState

static inline int SCACBSInitNewState(MpmCtx *mpm_ctx)
{
    void *ptmp;
    SCACBSCtx *ctx = (SCACBSCtx *)mpm_ctx->ctx;
    int ascii_code = 0;
    int size = 0;

    /* reallocate space in the goto table to include a new state */
    size = (ctx->state_count + 1) * ctx->single_state_size;
    ptmp = SCRealloc(ctx->goto_table, size);

//==========================================================================

size is a int
but (ctx->state_count + 1) * ctx->single_state_size; is a unsigned int
when the size > 2G
size is overflow
Actions
Copy link

Also available in: PDF Atom