From: Gabe DiFiore
Date: Mon, 20 Apr 2026 07:36:16 +0000 (-0400)
Subject: Fix stack buffer overflow in `rvermicelliDoubleExecReal()` (#392)
X-Git-Url: http://git.ipfire.org/index.cgi?a=commitdiff_plain;h=HEAD;p=thirdparty%2Fvectorscan.git

Fix stack buffer overflow in `rvermicelliDoubleExecReal()` (#392)

Fix stack buffer overflow in rvermicelliDoubleExecReal

Remove unconditional snprintf that writes input buffer length into fixed 255-byte stack buffer. On inputs >255 bytes, this causes stack smash detected by FORTIFY_SOURCE. The removed lines were debug scaffolding that duplicated the DEBUG_PRINTF above them. Fixes crash on patterns like ".*literal" with buffers >255 bytes.
---
diff --git a/src/nfa/vermicelli_simd.cpp b/src/nfa/vermicelli_simd.cpp index e8210f2c..3bea78b9 100644 --- a/src/nfa/vermicelli_simd.cpp +++ b/src/nfa/vermicelli_simd.cpp @@ -368,9 +368,6 @@ const u8 *rvermicelliDoubleExecReal(char c1, char c2, SuperVector const casem assert(buf < buf_end); DEBUG_PRINTF("rverm %p len %zu\n", buf, buf_end - buf); DEBUG_PRINTF("b %s\n", buf); - char s[255]; - snprintf(s, buf_end - buf + 1, "%s", buf); - DEBUG_PRINTF("b %s\n", s); const u8 *d = buf_end; const u8 *rv;
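
Review bot: the retained context line `DEBUG_PRINTF("b %s\n", buf);` directly above the removed block still formats `buf` with an unbounded `%s`, so in debug builds it reads until the first NUL byte instead of stopping at `buf_end`, and nothing in the visible lines shows that the scan buffer is NUL-terminated. The removed `snprintf(s, buf_end - buf + 1, "%s", buf)` looks like an attempt to bound that print by length, so rather than leaving only the unbounded one, consider a precision-limited format such as `DEBUG_PRINTF("b %.*s\n", (int)(buf_end - buf), buf);`, or drop the line, since the `rverm %p len %zu` print already records the pointer and length. A regression test that scans a buffer longer than 255 bytes with a pattern like `.*literal` would keep this from coming back.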