Task #8690
open
detect-engine-mpm: adjust transforms->cnt type to unsigned integer
Effort:
low
Difficulty:
low
Label:
Description
    typedef struct DetectEngineTransforms {
        TransformData transforms[DETECT_TRANSFORMS_MAX];
        int cnt;
    } DetectEngineTransforms;

DetectEngineTransforms::cnt is an int, but only cnt == 0 was checked:

    if (transforms == NULL || transforms->cnt == 0)
        return;

Negative values are therefore treated as valid. When transforms->cnt is negative, the loop is skipped, leaving xforms empty. The subsequent statement

    xforms[strlen(xforms) - 1] = '\0';

evaluates to xforms[-1], causing an out-of-bounds write and resulting in undefined behavior. Fix this by checking cnt <= 0 instead of cnt == 0.
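
A self-contained C model of the pattern described in this ticket, added here as an example and not Suricata's own code. The helper build_xforms, its strict flag and return codes, the simplified TransformData and the DETECT_TRANSFORMS_MAX value are assumptions; where the old guard would reach the out-of-bounds write, the model returns a status instead of performing it.

```c
#include <stdio.h>
#include <string.h>

#define DETECT_TRANSFORMS_MAX 16 /* constructed value for this sketch */

/* Simplified stand-in; only a name is needed here. */
typedef struct TransformData { const char *name; } TransformData;

typedef struct DetectEngineTransforms {
    TransformData transforms[DETECT_TRANSFORMS_MAX];
    int cnt;
} DetectEngineTransforms;

/* Hypothetical helper: joins transform names with ',' and strips the
 * trailing separator. strict=0 models the `cnt == 0` guard, strict=1 the
 * `cnt <= 0` guard. Returns 0 on success, -1 if the guard rejected the
 * input, -2 if execution reached the terminator write with an empty string
 * (where xforms[strlen(xforms) - 1] lands outside the buffer). */
static int build_xforms(const DetectEngineTransforms *t, char *xforms,
                        size_t size, int strict)
{
    if (xforms == NULL || size == 0)
        return -1;
    xforms[0] = '\0';
    if (t == NULL || (strict ? t->cnt <= 0 : t->cnt == 0))
        return -1;
    for (int i = 0; i < t->cnt && i < DETECT_TRANSFORMS_MAX; i++) {
        size_t used = strlen(xforms);
        snprintf(xforms + used, size - used, "%s,", t->transforms[i].name);
    }
    size_t len = strlen(xforms);
    if (len == 0)
        return -2; /* loop never ran: refuse the write instead of doing it */
    xforms[len - 1] = '\0';
    return 0;
}

int main(void)
{
    DetectEngineTransforms t = { .transforms = { {"a"}, {"b"} }, .cnt = 2 }; /* constructed input */
    char buf[64];
    printf("cnt=2  strict: %d \"%s\"\n", build_xforms(&t, buf, sizeof buf, 1), buf);
    t.cnt = -1;
    printf("cnt=-1 old guard: %d\n", build_xforms(&t, buf, sizeof buf, 0));
    printf("cnt=-1 new guard: %d\n", build_xforms(&t, buf, sizeof buf, 1));
    return 0;
}
```

The -2 result marks the path on which the statement from the ticket would have executed with strlen(xforms) equal to 0.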