detect/transform: handle overlapping dotprefix

If there is a transform before dotprefix, it operates in place
in a single buffer, and must therefore use memmove instead of memcpy
to avoid UB.

Ticket: 7229

diff --git a/src/detect-transform-dotprefix.c b/src/detect-transform-dotprefix.c
index 295a149f89417fac9a5b47c85875c53b6477ef76..d58e1d4ad18d4f2022591523fd4c5547f816f52c 100644 (file)
--- a/src/detect-transform-dotprefix.c
+++ b/src/detect-transform-dotprefix.c
@@ -116,8 +116,8 @@ static void TransformDotPrefix(InspectionBuffer *buffer, void *options)
             return;
         }
 
+        memmove(&output[1], buffer->inspect, input_len);
         output[0] = '.';
-        memcpy(&output[1], buffer->inspect, input_len);
         InspectionBufferTruncate(buffer, input_len + 1);
     }
 }