From dbadca1567010b4aaf0f481caa3dd0d163a3a4e9 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 25 Aug 2022 17:05:41 +0200
Subject: [PATCH] detect: transforms check for 0-sized buffer
So as to avoid undefined behavior with a 0-sized variable length array
Ticket: #5521
(cherry picked from commit 61b73416e27a07cab50743d69c1cf5cd7f07b45d)
---
 src/detect-transform-compress-whitespace.c | 4 ++++
 src/detect-transform-strip-whitespace.c | 3 +++
 src/detect-transform-urldecode.c | 3 +++
 3 files changed, 10 insertions(+)
diff --git a/src/detect-transform-compress-whitespace.c b/src/detect-transform-compress-whitespace.c
index 13b5f4d01e..5cbf0fd896 100644
--- a/src/detect-transform-compress-whitespace.c
+++ b/src/detect-transform-compress-whitespace.c
@@ -107,6 +107,10 @@ static void TransformCompressWhitespace(InspectionBuffer *buffer, void *options)
 {
 const uint8_t *input = buffer->inspect;
 const uint32_t input_len = buffer->inspect_len;
+ if (input_len == 0) {
+ return;
+ }
+
 uint8_t output[input_len]; // we can only shrink
 uint8_t *oi = output, *os = output;
diff --git a/src/detect-transform-strip-whitespace.c b/src/detect-transform-strip-whitespace.c
index 055a7e00d0..6d76f65008 100644
--- a/src/detect-transform-strip-whitespace.c
+++ b/src/detect-transform-strip-whitespace.c
@@ -102,6 +102,9 @@ static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
 {
 const uint8_t *input = buffer->inspect;
 const uint32_t input_len = buffer->inspect_len;
+ if (input_len == 0) {
+ return;
+ }
 uint8_t output[input_len]; // we can only shrink
 uint8_t *oi = output, *os = output;
diff --git a/src/detect-transform-urldecode.c b/src/detect-transform-urldecode.c
index 526561f2f9..ee104ebc11 100644
--- a/src/detect-transform-urldecode.c
+++ b/src/detect-transform-urldecode.c
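Review bot: `uint8_t output[input_len]` in TransformCompressWhitespace is still a stack VLA with no upper bound after the new zero-length guard, and `input_len` is a `uint32_t` copied from `buffer->inspect_len`. If that length can follow the size of inspected traffic (the caller is not visible in this hunk), a large buffer places the whole copy on the thread stack and can run past it. The same declaration follows the guard in TransformStripWhitespace and TransformUrlDecode. Consider a heap buffer with a failure check, e.g. `uint8_t *output = SCMalloc(input_len); if (output == NULL) return;` with a matching `SCFree(output)` on every exit, or writing into storage owned by the InspectionBuffer. The function bodies continue outside the hunks, so the exit paths need checking before such a change.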
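Review bot: The guard in TransformStripWhitespace carries no comment saying why an empty buffer returns early, so a later cleanup could drop it and bring back the zero-length VLA. I would add `/* a zero-length VLA is undefined behavior; an empty buffer has nothing to transform */` above `if (input_len == 0) {`. The same comment fits the guards in TransformCompressWhitespace and TransformUrlDecode.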
@@ -119,6 +119,9 @@ static void TransformUrlDecode(InspectionBuffer *buffer, void *options)
 const uint8_t *input = buffer->inspect;
 const uint32_t input_len = buffer->inspect_len;
+ if (input_len == 0) {
+ return;
+ }
 uint8_t output[input_len]; // we can only shrink
 changed = BufferUrlDecode(input, input_len, output, &output_size);
-- 
2.47.2