From 8c3107472b09261461814168d38385cce1fe6535 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Fri, 4 Nov 2022 15:17:19 +0100
Subject: [PATCH] detect/frames: fix crash when parsing bad rule

Indexing of Signature::init_data::smlists would fail for a rule that used a frame and fast_pattern w/o content, as the array would only be expanded when adding a content. Adding a check to see if there list id is in bounds is an implicit check for the "no content" case.

Ticket: #5530
---
 src/detect-parse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 431ae37b62..04169cfdc1 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -438,7 +438,8 @@ SigMatch *DetectGetLastSMFromMpmLists(const DetectEngineCtx *de_ctx, const Signa
 uint32_t sm_type;
 /* if we have a sticky buffer, use that */
- if (s->init_data->list != DETECT_SM_LIST_NOTSET) {
+ if (s->init_data->list != DETECT_SM_LIST_NOTSET &&
+ s->init_data->list < (int)s->init_data->smlists_array_size) {
 if (!(DetectEngineBufferTypeSupportsMpmGetById(de_ctx, s->init_data->list))) {
 return NULL;
 }
--
2.47.2
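Review bot: With the bounds test folded into the outer condition, a sticky buffer whose list id is at or past `smlists_array_size` no longer returns from this branch but falls through to whatever follows the `if`; that code is outside the hunk, so it is not visible here whether the fallback is safe or could hand back a match from a different list. If the intent is that a buffer with no content yields no match, keeping the original condition and rejecting explicitly inside the block would say so: `if (s->init_data->list >= (int)s->init_data->smlists_array_size) return NULL;`. Either way the check deserves a comment such as `/* smlists only grows when a content is added; an id past the end means this buffer has no content */`, because the link between the bound and the "no content" case currently lives only in the commit message. The `(int)` cast suggests `list` is signed, in which case a negative id would still pass the `<` test, so it is worth confirming that cannot occur or adding a `>= 0` guard.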