From 61b73416e27a07cab50743d69c1cf5cd7f07b45d Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 25 Aug 2022 17:05:41 +0200
Subject: [PATCH] detect: transforms check for 0-sized buffer

So as to avoid undefined behavior with a 0-sized variable length
array

Ticket: #5521
---
 src/detect-transform-compress-whitespace.c | 4 ++++
 src/detect-transform-strip-whitespace.c    | 3 +++
 src/detect-transform-urldecode.c           | 3 +++
 src/detect-transform-xor.c                 | 3 +++
 4 files changed, 13 insertions(+)

diff --git a/src/detect-transform-compress-whitespace.c b/src/detect-transform-compress-whitespace.c
index 13b5f4d01e..5cbf0fd896 100644
--- a/src/detect-transform-compress-whitespace.c
+++ b/src/detect-transform-compress-whitespace.c
@@ -107,6 +107,10 @@ static void TransformCompressWhitespace(InspectionBuffer *buffer, void *options)
 {
     const uint8_t *input = buffer->inspect;
     const uint32_t input_len = buffer->inspect_len;
+    if (input_len == 0) {
+        return;
+    }
+
     uint8_t output[input_len]; // we can only shrink
     uint8_t *oi = output, *os = output;
 
diff --git a/src/detect-transform-strip-whitespace.c b/src/detect-transform-strip-whitespace.c
index 7ca48b1048..32fb96f06e 100644
--- a/src/detect-transform-strip-whitespace.c
+++ b/src/detect-transform-strip-whitespace.c
@@ -103,6 +103,9 @@ static void TransformStripWhitespace(InspectionBuffer *buffer, void *options)
 {
     const uint8_t *input = buffer->inspect;
     const uint32_t input_len = buffer->inspect_len;
+    if (input_len == 0) {
+        return;
+    }
     uint8_t output[input_len]; // we can only shrink
     uint8_t *oi = output, *os = output;
 
diff --git a/src/detect-transform-urldecode.c b/src/detect-transform-urldecode.c
index f74e694970..13ef03372f 100644
--- a/src/detect-transform-urldecode.c
+++ b/src/detect-transform-urldecode.c
@@ -122,6 +122,9 @@ static void TransformUrlDecode(InspectionBuffer *buffer, void *options)
 
     const uint8_t *input = buffer->inspect;
     const uint32_t input_len = buffer->inspect_len;
+    if (input_len == 0) {
+        return;
+    }
     uint8_t output[input_len]; // we can only shrink
 
     changed = BufferUrlDecode(input, input_len, output, &output_size);
diff --git a/src/detect-transform-xor.c b/src/detect-transform-xor.c
index 7fbf7fb3cd..53c70eda47 100644
--- a/src/detect-transform-xor.c
+++ b/src/detect-transform-xor.c
@@ -131,6 +131,9 @@ static void DetectTransformXor(InspectionBuffer *buffer, void *options)
     const uint8_t *input = buffer->inspect;
     const uint32_t input_len = buffer->inspect_len;
     DetectTransformXorData *pxd = options;
+    if (input_len == 0) {
+        return;
+    }
     uint8_t output[input_len];
 
     for (uint32_t i = 0; i < input_len; i++) {