From: Victor Julien Date: Thu, 13 Jul 2017 08:04:47 +0000 (+0200) Subject: radix: fix risky malloc call X-Git-Tag: suricata-4.0.0-rc2~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2834%2Fhead;p=thirdparty%2Fsuricata.git radix: fix risky malloc call GCC7 said: CC util-radix-tree.o In file included from util-debug-filters.h:29:0, from util-debug.h:34, from suricata-common.h:421, from util-radix-tree.c:26: util-radix-tree.c: In function ‘SCRadixAddKey’: util-mem.h:177:12: error: argument 1 range [18446744071562067968, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=] ptrmem = malloc((a)); \ ~~~~~~~^~~~~~~~~~~~~ util-radix-tree.c:749:42: note: in expansion of macro ‘SCMalloc’ if ( (inter_node->netmasks = SCMalloc((node->netmask_cnt - i) * ^~~~~~~~ In file included from suricata-common.h:69:0, from util-radix-tree.c:26: /usr/include/stdlib.h:443:14: note: in a call to allocation function ‘malloc’ declared here extern void *malloc (size_t __size) __THROW __attribute_malloc__ __wur; ^~~~~~ scan-build said: util-radix-tree.c:749:42: warning: Call to 'malloc' has an allocation size of 0 bytes if ( (inter_node->netmasks = SCMalloc((node->netmask_cnt - i) * ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ./util-mem.h:177:14: note: expanded from macro 'SCMalloc' ptrmem = malloc((a)); \ ^~~~~~~~~~~ 1 warning generated.
---
diff --git a/src/util-radix-tree.c b/src/util-radix-tree.c
index 9d29dbc9d5..23ef98ef46 100644
--- a/src/util-radix-tree.c
+++ b/src/util-radix-tree.c
@@ -746,21 +746,18 @@ static SCRadixNode *SCRadixAddKey(uint8_t *key_stream, uint16_t key_bitlen,
 break;
 }
- if ( (inter_node->netmasks = SCMalloc((node->netmask_cnt - i) *
- sizeof(uint8_t))) == NULL) {
- SCLogError(SC_ERR_MEM_ALLOC, "Fatal error encountered in SCRadixAddKey. Mem not allocated...");
- return NULL;
- }
-
- for (j = 0; j < (node->netmask_cnt - i); j++)
- inter_node->netmasks[j] = node->netmasks[i + j];
+ if (i < node->netmask_cnt) {
+ if ( (inter_node->netmasks = SCMalloc((node->netmask_cnt - i) *
+ sizeof(uint8_t))) == NULL) {
+ SCLogError(SC_ERR_MEM_ALLOC, "Fatal error encountered in SCRadixAddKey. Mem not allocated...");
+ return NULL;
+ }
- inter_node->netmask_cnt = (node->netmask_cnt - i);
- node->netmask_cnt = i;
+ for (j = 0; j < (node->netmask_cnt - i); j++)
+ inter_node->netmasks[j] = node->netmasks[i + j];
- if (node->netmask_cnt == 0) {
- SCFree(node->netmasks);
- node->netmasks = NULL;
+ inter_node->netmask_cnt = (node->netmask_cnt - i);
+ node->netmask_cnt = i;
 }
 }
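Review bot: The rewrite drops the old `if (node->netmask_cnt == 0)` cleanup, which the commit message does not mention, so when the split index `i` is 0 the new guard is taken, every netmask is copied to `inter_node`, and `node` ends up with `netmask_cnt == 0` but a non-NULL `netmasks` buffer. If code outside this hunk treats a non-NULL `netmasks` as "has entries", or frees it only when the count is non-zero, that becomes a stale pointer or a leak; keeping `if (node->netmask_cnt == 0) { SCFree(node->netmasks); node->netmasks = NULL; }` at the end of the new `if (i < node->netmask_cnt)` body would preserve the old count/pointer invariant. Separately, the `return NULL` on allocation failure appears to leave `inter_node`, which is set up before the hunk, unreleased on this path. That is worth confirming, since SCRadixAddKey's body starts and ends outside the hunk.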