streaming/buffer: add validation checks for data chunk sizes

diff --git a/src/util-streaming-buffer.c b/src/util-streaming-buffer.c
index f08ef7a3a44e2a163739434a380d9d9f1717b809..7ef6f58e2c35f6146a69fbf31edcaf1da601cf0d 100644 (file)
--- a/src/util-streaming-buffer.c
+++ b/src/util-streaming-buffer.c
@@ -1078,6 +1078,7 @@ int StreamingBufferAppend(StreamingBuffer *sb, const StreamingBufferConfig *cfg,
         StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
 {
     DEBUG_VALIDATE_BUG_ON(seg == NULL);
+    DEBUG_VALIDATE_BUG_ON(data_len > BIT_U32(27)); // 128MiB is excessive already
 
     if (sb->region.buf == NULL) {
         if (InitBuffer(sb, cfg) == -1)
@@ -1118,6 +1119,8 @@ int StreamingBufferAppend(StreamingBuffer *sb, const StreamingBufferConfig *cfg,
 int StreamingBufferAppendNoTrack(StreamingBuffer *sb, const StreamingBufferConfig *cfg,
         const uint8_t *data, uint32_t data_len)
 {
+    DEBUG_VALIDATE_BUG_ON(data_len > BIT_U32(27)); // 128MiB is excessive already
+
     if (sb->region.buf == NULL) {
         if (InitBuffer(sb, cfg) == -1)
             return -1;
@@ -1502,6 +1505,7 @@ int StreamingBufferInsertAt(StreamingBuffer *sb, const StreamingBufferConfig *cf
         StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len, uint64_t offset)
 {
     DEBUG_VALIDATE_BUG_ON(seg == NULL);
+    DEBUG_VALIDATE_BUG_ON(data_len > BIT_U32(27)); // 128MiB is excessive already
     DEBUG_VALIDATE_BUG_ON(offset < sb->region.stream_offset);
     if (offset < sb->region.stream_offset) {
         return SC_EINVAL;