From c9649bb920c440aa07518787e339195496a3e343 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Mon, 15 Jul 2024 09:52:00 +0200
Subject: [PATCH] defrag: fix off by one

Ticket: 7067

This off by one could lead to an empty fragment being inserted
in the rb tree, which led to integer underflow

(cherry picked from commit 9203656496c4081260817cce018a0d8fd57869b5)
---
 src/defrag.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/defrag.c b/src/defrag.c
index c5979b285d..86d6101728 100644
--- a/src/defrag.c
+++ b/src/defrag.c
@@ -852,7 +852,7 @@ DefragInsertFrag(ThreadVars *tv, DecodeThreadVars *dtv, DefragTracker *tracker,
         }
     }
 
-    if (ltrim > data_len) {
+    if (ltrim >= data_len) {
         /* Full packet has been trimmed due to the overlap policy. Overlap
          * already set. */
         goto done;
-- 
2.47.2