Bug #971

closed

AC memory read error (master-1.4.x)

Added by Victor Julien about 9 years ago. Updated about 9 years ago.

Status: Closed
Priority: Normal

Description

See #970.

Actions #1

Updated by Victor Julien about 9 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100
  • Private changed from Yes to No

Fixed by:

commit c2f5868d53efd93162e6ba17998831cc3c74d435
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Mon Sep 23 15:23:12 2013 +0530

    fix for bug #971.

    Content strings that are a duplicate of a pattern from another sig, but
    have a fast_pattern chop being applied, would end up being assigned the
    same pattern id as the duplicate string.  But the string supplied to the
    mpm would be the chopped string, which might result in the state_table
    output_state content entry being overridden by the fuller string at
    the final state of the smaller content length, because of which during a
    match we might end up inspecting the search buffer against the fuller
    content pattern, instead of the chopped pattern, which would end up being
    an inspection beyond the buffer bounds.

commit 17d4ecba33eb5e5e2d54009db3b3e07d506059a5
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Mon Sep 23 19:54:24 2013 +0530

    Unittest to display bug #971.

Thanks Anoop.

Actions #2

Updated by Victor Julien about 9 years ago

Additionally, for the other AC implementations:

commit 3cf65fe72aa522a4d504b057523e82d6049b3385
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Tue Sep 24 13:29:20 2013 +0530

    fix for bug #970(ac-gfbs).

    Content strings that are a duplicate of a pattern from another sig, but
    have a fast_pattern chop being applied, would end up being assigned the
    same pattern id as the duplicate string.  But the string supplied to the
    mpm would be the chopped string, which might result in the state_table
    output_state content entry being overridden by the fuller string at
    the final state of the smaller content length, because of which during a
    match we might end up inspecting the search buffer against the fuller
    content pattern, instead of the chopped pattern, which would end up being
    an inspection beyond the buffer bounds.

commit ad819ce118044f222fbb7148b8a751c1c916a2b0
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Tue Sep 24 13:23:36 2013 +0530

    Unittest to display bug #970(ac-gfbs).

commit b458d8a0bf1603b6d56fdde33ee3d5248cb93753
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Tue Sep 24 13:26:45 2013 +0530

    fix for bug #970(ac-bs).

    Content strings that are a duplicate of a pattern from another sig, but
    have a fast_pattern chop being applied, would end up being assigned the
    same pattern id as the duplicate string.  But the string supplied to the
    mpm would be the chopped string, which might result in the state_table
    output_state content entry being overridden by the fuller string at
    the final state of the smaller content length, because of which during a
    match we might end up inspecting the search buffer against the fuller
    content pattern, instead of the chopped pattern, which would end up being
    an inspection beyond the buffer bounds.

commit 52201c8de137cc2e2f883f4ededcdef5338e6b6e
Author: Anoop Saldanha <anoopsaldanha@gmail.com>
Date:   Tue Sep 24 13:13:11 2013 +0530

    Unittest to display bug #970(ac-bs).
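
The pattern id collision described in the commit messages above, as an added example that is not part of the original ticket and is not Suricata source: a simplified C model of a pattern-id table and the post-match check. The names `mpm_add`, `verify`, `scenario` and the `key_on_full` switch are hypothetical, the contents and buffer are constructed, and the out-of-bounds compare is reported as -1 rather than performed.

```c
#include <stddef.h>
#include <string.h>
/* Simplified model, not Suricata source: one slot per pattern id. */
struct pat {
    const char *key; size_t key_len;  /* bytes the id was deduplicated on */
    const char *str; size_t len;      /* bytes the verifier compares with */
};
struct mpm { struct pat by_id[8]; size_t n; };

/* Add a content whose MPM pattern is full[off .. off+len).
 * key_on_full=1: id keyed on the whole content string (the bug).
 * key_on_full=0: id keyed on the chopped bytes given to the MPM (the fix). */
static size_t mpm_add(struct mpm *m, const char *full, size_t off, size_t len,
                      int key_on_full)
{
    const char *key = key_on_full ? full : full + off;
    size_t key_len = key_on_full ? strlen(full) : len, id;
    for (id = 0; id < m->n; id++)
        if (m->by_id[id].key_len == key_len && !memcmp(m->by_id[id].key, key, key_len))
            break;
    if (id == m->n) {                          /* first use: new id */
        if (m->n == 8) return (size_t)-1;      /* table full */
        m->by_id[m->n++] = (struct pat){ key, key_len, full + off, len };
    } else if (len > m->by_id[id].len) {       /* shared id: fuller string wins */
        m->by_id[id].str = full + off; m->by_id[id].len = len;
    }
    return id;
}

/* Check run when the automaton reaches pattern `id`'s final state at buf[end].
 * Returns 1 on match, 0 on mismatch, -1 when the compare would start before
 * buf[0] (the out-of-bounds inspection; reported here instead of performed). */
static int verify(const struct mpm *m, size_t id, const char *buf,
                  size_t buflen, size_t end)
{
    size_t len = m->by_id[id].len;
    if (end >= buflen || len > end + 1) return -1;
    return memcmp(buf + end + 1 - len, m->by_id[id].str, len) == 0;
}

/* Constructed case: sig A uses "abcdefgh" whole, sig B the same content
 * chopped to 4 bytes; the buffer is exactly "abcd", so the hit ends at buf[3]. */
static int scenario(int key_on_full)
{
    struct mpm m = {0};
    mpm_add(&m, "abcdefgh", 0, 8, key_on_full);
    size_t b = mpm_add(&m, "abcdefgh", 0, 4, key_on_full);
    return verify(&m, b, "abcd", 4, 3);
}
```

With ids keyed on the full content, the chopped pattern's hit is checked against the 8-byte string and `scenario(1)` returns -1; with ids keyed on the chopped bytes, `scenario(0)` returns 1.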
