mpm-ac: fix integer overflow on allocation #2546
Closed
The size of a memory buffer to be reallocated during state creation in the Aho-Corasick implementation was kept in a signed `int` instead of a `size_t`, leading to an overflow when large lists of long and diverse patterns cause the amount of AC states to blow up (>2GB). This case can be triggered for reproduction using a script like https://gist.github.com/satta/e47f7a6f0e44c9898804121e4d8c5f2e.

Addresses Redmine issues #1827 (https://redmine.openinfosecfoundation.org/issues/1827) and #1843 (https://redmine.openinfosecfoundation.org/issues/1843).
This PR adds the following functionality:

- `SCACCheckSafeSizetMult()` to check whether a `size_t` multiplication overflows, `exit()`ing in this case.
- `size` variable in `SCACReallocState()` to `size_t`.

I ran the Dockerized prscript, builds completed successfully:
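
The kind of overflow-checked size computation this PR describes, as an added example that is not part of the pull request or Suricata's code. The names `safe_size_mul`, `fits_in_int` and `grow_state_table` and the table dimensions are assumptions made for illustration, and the helper returns an error where the PR's helper calls `exit()`.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper, not Suricata's SCACCheckSafeSizetMult(): stores
 * a * b in *out and returns 0, or returns -1 if the product overflows
 * size_t. It reports the error instead of calling exit(). */
int safe_size_mul(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return -1;
    *out = a * b;
    return 0;
}

/* 1 if a byte count is representable in the signed int that held the
 * size before the fix, 0 if it would overflow that variable. */
int fits_in_int(size_t bytes)
{
    return bytes <= (size_t)INT_MAX;
}

/* Hypothetical table growth: rows * width * cell bytes. Returns the new
 * pointer, or NULL (old table left untouched) on overflow or realloc
 * failure. */
void *grow_state_table(void *table, size_t rows, size_t width,
                       size_t cell, size_t *bytes_out)
{
    size_t row_bytes, total;
    if (safe_size_mul(width, cell, &row_bytes) != 0 ||
        safe_size_mul(rows, row_bytes, &total) != 0)
        return NULL;
    void *p = realloc(table, total);
    if (p != NULL)
        *bytes_out = total;
    return p;
}

int main(void)
{
    /* Constructed sizes: 3,000,000 states, 256 transitions, 4-byte cells. */
    size_t total = 0;
    if (safe_size_mul(3000000, 256 * 4, &total) != 0)
        return 1;
    printf("%zu bytes, fits in int: %d\n", total, fits_in_int(total));
    return 0;
}
```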