detect/frames: fix crash when parsing bad rule

Indexing of Signature::init_data::smlists would fail for a rule that
used a frame and fast_pattern w/o content, as the array would only be
expanded when adding a content.
Adding a check to see if there list id is in bounds
is an implicit check for the "no content" case.

Ticket: #5530

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 431ae37b62df02e358d644b1c9530220bb32a767..04169cfdc1d03e583cde28255084597a41f4045a 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -438,7 +438,8 @@ SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signa
     uint32_t sm_type;
 
     /* if we have a sticky buffer, use that */
-    if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
+    if (s->init_data->list != DETECT_SM_LIST_NOTSET &&
+            s->init_data->list < (int)s->init_data->smlists_array_size) {
         if (!(DetectEngineBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
             return NULL;
         }