From: Victor Julien <vjulien@oisf.net>
Date: Sat, 3 May 2025 08:20:54 +0000 (+0200)
Subject: lua/flowvarlib: check malloc result
X-Git-Tag: suricata-8.0.0-rc1~361
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=223c5687017bf7d794e23d7619f44099da64c38f;p=thirdparty%2Fsuricata.git

lua/flowvarlib: check malloc result

src/util-lua-flowvarlib.c:110:12: warning: If memory allocation fails, then there is a possible null pointer dereference: buf [nullPointerOutOfMemory]
    memcpy(buf, value, len);
           ^
src/util-lua-flowvarlib.c:109:28: note: Assuming allocation function fails
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:109:28: note: Assignment 'buf=malloc(len+1)', assigned value is 0
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:110:12: note: Null pointer dereference
    memcpy(buf, value, len);
           ^
src/util-lua-flowvarlib.c:111:5: warning: If memory allocation fails, then there is a possible null pointer dereference: buf [nullPointerOutOfMemory]
    buf[len] = '\0';
    ^
src/util-lua-flowvarlib.c:109:28: note: Assuming allocation function fails
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:109:28: note: Assignment 'buf=malloc(len+1)', assigned value is 0
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:111:5: note: Null pointer dereference
    buf[len] = '\0';
---

diff --git a/src/util-lua-flowvarlib.c b/src/util-lua-flowvarlib.c
index 9d80d349bb..d81f18f95f 100644
--- a/src/util-lua-flowvarlib.c
+++ b/src/util-lua-flowvarlib.c
@@ -107,6 +107,9 @@ static int LuaFlowvarSet(lua_State *L)
     }
 
     uint8_t *buf = SCMalloc(len + 1);
+    if (buf == NULL) {
+        return luaL_error(L, "alloc failure");
+    }
     memcpy(buf, value, len);
     buf[len] = '\0';
     FlowVarAddIdValue(f, *flowvar_id, buf, (uint16_t)len);