From 3d0d7b740ebd8169c2834af053fdcec7a5deb34d Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Wed, 24 Sep 2025 09:16:59 +0200
Subject: [PATCH] detect/port: address format truncation warnings

This appears to be a FP. Work around it to allow for using this warning
as an error.

detect-engine-port.c: In function 'DetectPortParseDo':
detect-engine-port.c:858:35: warning: 'snprintf' output may be truncated before the last format character [-Wformat-truncation=]
  858 |                              "[%s]", rule_var_port);
      |                                   ^
detect-engine-port.c:857:21: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 3
  857 |                     snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  858 |                              "[%s]", rule_var_port);
      |                              ~~~~~~~~~~~~~~~~~~~~~~
detect-engine-port.c:928:34: warning: 'snprintf' output may be truncated before the last format character [-Wformat-truncation=]
  928 |                             "[%s]", rule_var_port);
      |                                  ^
detect-engine-port.c:927:21: note: 'snprintf' output 3 or more bytes (assuming 4) into a destination of size 3
  927 |                     snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
      |                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  928 |                             "[%s]", rule_var_port);
      |                             ~~~~~~~~~~~~~~~~~~~~~~

Ticket: #7905.
---
 src/detect-engine-port.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/detect-engine-port.c b/src/detect-engine-port.c
index 07b0ebc13a..c333547f9e 100644
--- a/src/detect-engine-port.c
+++ b/src/detect-engine-port.c
@@ -851,11 +851,12 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
                     goto error;
                 }
                 if (negate == 1 || n_set == 1) {
-                    alloc_rule_var_port = SCMalloc(strlen(rule_var_port) + 3);
+                    /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
+                    const size_t str_size = strlen(rule_var_port) + 3 + 1;
+                    alloc_rule_var_port = SCMalloc(str_size);
                     if (unlikely(alloc_rule_var_port == NULL))
                         goto error;
-                    snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
-                             "[%s]", rule_var_port);
+                    snprintf(alloc_rule_var_port, str_size, "[%s]", rule_var_port);
                 } else {
                     alloc_rule_var_port = SCStrdup(rule_var_port);
                     if (unlikely(alloc_rule_var_port == NULL))
@@ -921,11 +922,12 @@ static int DetectPortParseDo(const DetectEngineCtx *de_ctx,
                     goto error;
                 }
                 if ((negate + n_set) % 2) {
-                    alloc_rule_var_port = SCMalloc(strlen(rule_var_port) + 3);
+                    /* add +1 to safisfy gcc 15 + -Wformat-truncation=2 */
+                    const size_t str_size = strlen(rule_var_port) + 3 + 1;
+                    alloc_rule_var_port = SCMalloc(str_size);
                     if (unlikely(alloc_rule_var_port == NULL))
                         goto error;
-                    snprintf(alloc_rule_var_port, strlen(rule_var_port) + 3,
-                            "[%s]", rule_var_port);
+                    snprintf(alloc_rule_var_port, str_size, "[%s]", rule_var_port);
                 } else {
                     alloc_rule_var_port = SCStrdup(rule_var_port);
                     if (unlikely(alloc_rule_var_port == NULL))