Stack 8001 v13#14850
Conversation
Before stack allocation Ticket: 8001
Before doing stack allocation Ticket: 8001
Before stack allocation Ticket: 8001
To avoid running a big (when many signatures) stack allocation on each detection loop with postmatches Ticket: 8001
catenacyber
force-pushed
the
stack-8001-v13
branch
from
e4681a3 to
7aac1d5
Compare
| if (strlen(parser->opts) > 0) { | ||
| size_t buffer_size = strlen(parser->opts) + 1; | ||
| if (buffer_size > UINT16_MAX) { | ||
| SCLogError("Too long options for signature : %zu>%d", buffer_size, UINT16_MAX); |
There was a problem hiding this comment.
is %zu portable? We normally use the PRI macros
also, "too long options" doesn't sound great
There was a problem hiding this comment.
What is the PRI macro for size_t ?
There was a problem hiding this comment.
I think the pattern is PRIuMAX .. (uintmax_t)var
There was a problem hiding this comment.
Replacing with a debug validation as we have DETECT_MAX_RULE_SIZE as a global bound
| /* we can have no options, so make sure we have them */ | ||
| if (strlen(parser->opts) > 0) { | ||
| size_t buffer_size = strlen(parser->opts) + 1; | ||
| if (buffer_size > UINT16_MAX) { |
There was a problem hiding this comment.
I think a rule has a max len of 8k? So this would be unreachable.
There was a problem hiding this comment.
Ah I see DETECT_MAX_RULE_SIZE, will look again at this
| return NULL; | ||
|
|
||
| // a rule can not have that many metadata | ||
| DEBUG_VALIDATE_BUG_ON(cnt > UINT16_MAX); |
There was a problem hiding this comment.
seems impossible, as long as the rule len max is 8k.
There was a problem hiding this comment.
Will look again with DETECT_MAX_RULE_SIZE
|
Information: QA ran without warnings. Pipeline = 29763 |
|
Draft : see inline comments |
|
Replaced by #14939 |
3 participants
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/8001
Describe changes: improve stack allocations
#14821 next batch
Still todo after :
git grep '\];' src/*.c | grep -v = | grep -v '[0-9]\];' | grep -v '[A-Z]\];' | grep -v return | grep -v g_alproto_max | grep -v '\[\];' | grep -v sizeof> src/detect.cbuffer_type_idwhich is a legit u32