From 82af0aeb7cec39e206a9ca96c4966425eddeaa74 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Wed, 17 Jun 2026 22:06:33 +0200 Subject: [PATCH] swf: prevents overflow with bad config value Ticket: 8642 Do not allocate too much by using the config value, when the flash file does not require that much data anyways (cherry picked from commit d9fae18432501674338e28bd33e35788c95d4a98) --- src/util-file-decompression.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/util-file-decompression.c b/src/util-file-decompression.c index bf65b0b7c4..4806a4912b 100644 --- a/src/util-file-decompression.c +++ b/src/util-file-decompression.c @@ -125,7 +125,13 @@ int FileSwfDecompression(const uint8_t *buffer, uint32_t buffer_len, } /* if decompress_depth is 0, keep the flash file length */ - uint32_t decompressed_data_len = (decompress_depth == 0) ? decompressed_swf_len : decompress_depth; + uint32_t decompressed_data_len = decompressed_swf_len; + // only restrict the decompressed_data_len, a too big decompress_depth does not make us more + // than we need + if (decompress_depth > 0 && decompress_depth < decompressed_data_len) + decompressed_data_len = decompress_depth; + + // cannot overflow as decompressed_swf_len maxed out at MAX_SWF_DECOMPRESSED_LEN 50000000 decompressed_data_len += 8; /* make sure the inspection buffer has enough space */