Skip to content

Stack 8001 v11 #14669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
catenacyber wants to merge 4 commits into from
Closed

Stack 8001 v11 #14669

catenacyber wants to merge 4 commits into from
+88 −41

Conversation

@catenacyber
Copy link
Contributor

@catenacyber catenacyber commented Jan 21, 2026

Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/8001

Describe changes: improve stack allocations

  • allocate on the heap if it can be large
  • adds safety checks or debug validation

#14659 with scan-build fix

Tricky line is AppProto(*engines)[g_alproto_max] = SCCalloc(max_buffer_id, sizeof(AppProto[g_alproto_max]));

Still todo after : handle other cases of git grep '\];' src/*.c | grep -v = | grep -v '[0-9]\];' | grep -v '[A-Z]\];' | grep -v return | grep -v g_alproto_max | grep -v '\[\];' | grep -v sizeof after src/detect-engine.c

@catenacyber
datasets: adds safety check before stack allocation
afcb205 
Even if current caller does not provide too big data.

Ticket: 8001
@catenacyber
detect: allocate sids_array on the heap
6edeb4a 
To be able to load 1M signatures and not have a stack overflow

Ticket: 8001
@catenacyber
detect: add debug validation about nlists
81a8102 
To avoid stack overflow

A single signature should not have more than 65k buffers

Ticket: 8001
@catenacyber catenacyber mentioned this pull request Jan 21, 2026
Closed
@codecov
Copy link

codecov bot commented Jan 21, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 79.10448% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.11%. Comparing base (c333b28) to head (7a117d7).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #14669      +/-   ##
==========================================
- Coverage   82.11%   82.11%   -0.01%     
==========================================
  Files        1011     1011              
  Lines      262812   262840      +28     
==========================================
+ Hits       215812   215833      +21     
- Misses      47000    47007       +7
Flag Coverage Δ
fuzzcorpus 60.21% <52.23%> (+0.03%) ⬆️
livemode 18.75% <44.77%> (+0.03%) ⬆️
pcap 44.66% <49.25%> (+0.07%) ⬆️
suricata-verify 65.32% <79.10%> (+0.03%) ⬆️
unittests 59.27% <49.25%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

suricata-qa commented Jan 22, 2026

Information: QA ran without warnings.

Pipeline = 29235

victorjulien
victorjulien requested changes Jan 22, 2026
View reviewed changes
src/detect-engine-analyzer.c Outdated
if (root_jb == NULL) {
return;
}
SCJsonBuilder **arrays = SCCalloc(sizeof(SCJsonBuilder *), de_ctx->buffer_type_id);
Copy link
Member

@victorjulien victorjulien Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

don't know if it matters in practice, but callocs first arg is the number of elements, the 2nd is the size per element, the reverse of what is here

Copy link
Contributor Author

@catenacyber catenacyber Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok will fix

src/detect-engine-mpm.c Outdated
memset(engines_idx, 0, sizeof(engines_idx));
int types[max_buffer_id];
memset(types, 0, sizeof(types));
AppProto(*engines)[g_alproto_max] = SCCalloc(max_buffer_id, sizeof(AppProto[g_alproto_max]));
Copy link
Member

@victorjulien victorjulien Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

scan-build still complains and it hurts my eyes as well. Can we solve this differently?

Copy link
Contributor Author

@catenacyber catenacyber Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a pointer of type 'AppProto[g_alproto_max]', which is incompatible with sizeof operand type 'AppProto[g_alproto_max]'

This hurts your eye ?

How differently ? By not having a 2-dimensions array ?

@catenacyber
detect: allocate arrays on the heap
7a117d7 
buffer_type_id is a u32

Ticket: 8001
@catenacyber
Copy link
Contributor Author

catenacyber commented Jan 22, 2026

Oops, just pushed here when I thought I was on a new branch, will see CI here then

@catenacyber catenacyber marked this pull request as draft January 22, 2026 14:04
@catenacyber catenacyber mentioned this pull request Jan 22, 2026
Open
@catenacyber
Copy link
Contributor Author

catenacyber commented Jan 22, 2026

Next version in #14676

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@victorjulien victorjulien victorjulien requested changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@catenacyber @suricata-qa @victorjulien