Wrap a number of BUG_ON's in the detection engine in DEBUG ifdefs as the conditions they check for are not serious enough to abort the engine.

src/detect-engine-dcepayload.c

@@ -103,7 +103,9 @@ static int DoInspectDcePayload(DetectEngineCtx *de_ctx,
                        cd->id, stub_len);
 
             /* rule parsers should take care of this */
+#ifdef DEBUG
             BUG_ON(cd->depth != 0 && cd->depth <= cd->offset);
+#endif
 
             /* search for our pattern, checking the matches recursively.
              * if we match we look for the next SigMatch as well */
@@ -197,7 +199,9 @@ static int DoInspectDcePayload(DetectEngineCtx *de_ctx,
                 uint32_t sstub_len = depth - offset;
                 uint32_t match_offset = 0;
                 SCLogDebug("sstub_len %"PRIu32, sstub_len);
+#ifdef DEBUG
                 BUG_ON(sstub_len > stub_len);
+#endif
 
                 /* do the actual search */
                 if (cd->flags & DETECT_CONTENT_NOCASE) {
@@ -235,7 +239,13 @@ static int DoInspectDcePayload(DetectEngineCtx *de_ctx,
                         goto match;
                     }
 
-                    BUG_ON(sm->next == NULL);
+                    /* bail out if we have no next match. Technically this is an
+                     * error, as the current cd has the DETECT_CONTENT_RELATIVE_NEXT
+                     * flag set. */
+                    if (sm->next == NULL) {
+                        SCReturnInt(0);
+                    }
+
                     SCLogDebug("content %"PRIu32, cd->id);
 
                     /* see if the next payload keywords match. If not, we will
@@ -378,7 +388,10 @@ static int DoInspectDcePayload(DetectEngineCtx *de_ctx,
         /* we should never get here, but bail out just in case */
         default:
         {
+            SCLogDebug("sm->type %u", sm->type);
+#ifdef DEBUG
             BUG_ON(1);
+#endif
         }
     }
 

src/detect-engine-hcbd.c

@@ -100,7 +100,9 @@ static int DoInspectHttpClientBody(DetectEngineCtx *de_ctx,
             goto match;
 
         /* rule parsers should take care of this */
+#ifdef DEBUG
         BUG_ON(cd->depth != 0 && cd->depth <= cd->offset);
+#endif
 
         /* search for our pattern, checking the matches recursively.
          * if we match we look for the next SigMatch as well */
@@ -172,7 +174,9 @@ static int DoInspectHttpClientBody(DetectEngineCtx *de_ctx,
             uint8_t *spayload = payload + offset;
             uint32_t spayload_len = depth - offset;
             uint32_t match_offset = 0;
+#ifdef DEBUG
             BUG_ON(spayload_len > payload_len);
+#endif
 
             /* do the actual search with boyer moore precooked ctx */
             if (cd->flags & DETECT_CONTENT_NOCASE) {
@@ -272,7 +276,10 @@ static int DoInspectHttpClientBody(DetectEngineCtx *de_ctx,
         } while (1);
     } else {
         /* we should never get here, but bail out just in case */
+        SCLogDebug("sm->type %u", sm->type);
+#ifdef DEBUG
         BUG_ON(1);
+#endif
     }
 
     SCReturnInt(0);

src/detect-engine-hcd.c

@@ -102,7 +102,9 @@ static int DoInspectHttpCookie(DetectEngineCtx *de_ctx,
             goto match;
 
         /* rule parsers should take care of this */
+#ifdef DEBUG
         BUG_ON(cd->depth != 0 && cd->depth <= cd->offset);
+#endif
 
         /* search for our pattern, checking the matches recursively.
          * if we match we look for the next SigMatch as well */
@@ -174,7 +176,9 @@ static int DoInspectHttpCookie(DetectEngineCtx *de_ctx,
             uint8_t *spayload = payload + offset;
             uint32_t spayload_len = depth - offset;
             uint32_t match_offset = 0;
+#ifdef DEBUG
             BUG_ON(spayload_len > payload_len);
+#endif
 
             /* do the actual search with boyer moore precooked ctx */
             if (cd->flags & DETECT_CONTENT_NOCASE) {
@@ -274,7 +278,10 @@ static int DoInspectHttpCookie(DetectEngineCtx *de_ctx,
         } while (1);
     } else {
         /* we should never get here, but bail out just in case */
+        SCLogDebug("sm->type %u", sm->type);
+#ifdef DEBUG
         BUG_ON(1);
+#endif
     }
 
     SCReturnInt(0);

src/detect-engine-hhd.c

@@ -102,7 +102,9 @@ static int DoInspectHttpHeader(DetectEngineCtx *de_ctx,
             goto match;
 
         /* rule parsers should take care of this */
+#ifdef DEBUG
         BUG_ON(cd->depth != 0 && cd->depth <= cd->offset);
+#endif
 
         /* search for our pattern, checking the matches recursively.
          * if we match we look for the next SigMatch as well */
@@ -174,7 +176,9 @@ static int DoInspectHttpHeader(DetectEngineCtx *de_ctx,
             uint8_t *spayload = payload + offset;
             uint32_t spayload_len = depth - offset;
             uint32_t match_offset = 0;
+#ifdef DEBUG
             BUG_ON(spayload_len > payload_len);
+#endif
 
             /* do the actual search with boyer moore precooked ctx */
             if (cd->flags & DETECT_CONTENT_NOCASE) {
@@ -274,7 +278,10 @@ static int DoInspectHttpHeader(DetectEngineCtx *de_ctx,
         } while (1);
     } else {
         /* we should never get here, but bail out just in case */
+        SCLogDebug("sm->type %u", sm->type);
+#ifdef DEBUG
         BUG_ON(1);
+#endif
     }
 
     SCReturnInt(0);

src/detect-engine-hmd.c

@@ -102,7 +102,9 @@ static int DoInspectHttpMethod(DetectEngineCtx *de_ctx,
             goto match;
 
         /* rule parsers should take care of this */
+#ifdef DEBUG
         BUG_ON(cd->depth != 0 && cd->depth <= cd->offset);
+#endif
 
         /* search for our pattern, checking the matches recursively.
          * if we match we look for the next SigMatch as well */
@@ -174,7 +176,9 @@ static int DoInspectHttpMethod(DetectEngineCtx *de_ctx,
             uint8_t *spayload = payload + offset;
             uint32_t spayload_len = depth - offset;
             uint32_t match_offset = 0;
+#ifdef DEBUG
             BUG_ON(spayload_len > payload_len);
+#endif
 
             /* do the actual search with boyer moore precooked ctx */
             if (cd->flags & DETECT_CONTENT_NOCASE) {
@@ -274,7 +278,10 @@ static int DoInspectHttpMethod(DetectEngineCtx *de_ctx,
         } while (1);
     } else {
         /* we should never get here, but bail out just in case */
+        SCLogDebug("sm->type %u", sm->type);
+#ifdef DEBUG
         BUG_ON(1);
+#endif
     }
 
     SCReturnInt(0);

src/detect-engine-hrhd.c

@@ -102,7 +102,9 @@ static int DoInspectHttpRawHeader(DetectEngineCtx *de_ctx,
             goto match;
 
         /* rule parsers should take care of this */
+#ifdef DEBUG
         BUG_ON(cd->depth != 0 && cd->depth <= cd->offset);
+#endif
 
         /* search for our pattern, checking the matches recursively.
          * if we match we look for the next SigMatch as well */
@@ -174,7 +176,9 @@ static int DoInspectHttpRawHeader(DetectEngineCtx *de_ctx,
             uint8_t *spayload = payload + offset;
             uint32_t spayload_len = depth - offset;
             uint32_t match_offset = 0;
+#ifdef DEBUG
             BUG_ON(spayload_len > payload_len);
+#endif
 
             /* do the actual search with boyer moore precooked ctx */
             if (cd->flags & DETECT_CONTENT_NOCASE) {
@@ -274,7 +278,10 @@ static int DoInspectHttpRawHeader(DetectEngineCtx *de_ctx,
         } while (1);
     } else {
         /* we should never get here, but bail out just in case */
+        SCLogDebug("sm->type %u", sm->type);
+#ifdef DEBUG
         BUG_ON(1);
+#endif
     }
 
     SCReturnInt(0);

src/detect-engine-payload.c

@@ -111,7 +111,9 @@ static int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
             }
 
             /* rule parsers should take care of this */
+#ifdef DEBUG
             BUG_ON(cd->depth != 0 && cd->depth <= cd->offset);
+#endif
 
             /* search for our pattern, checking the matches recursively.
              * if we match we look for the next SigMatch as well */
@@ -196,7 +198,9 @@ static int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
                 uint32_t spayload_len = depth - offset;
                 uint32_t match_offset = 0;
                 SCLogDebug("spayload_len %"PRIu32, spayload_len);
+#ifdef DEBUG
                 BUG_ON(spayload_len > payload_len);
+#endif
 
                 //PrintRawDataFp(stdout,cd->content,cd->content_len);
                 //PrintRawDataFp(stdout,spayload,spayload_len);
@@ -352,7 +356,10 @@ static int DoInspectPacketPayload(DetectEngineCtx *de_ctx,
         /* we should never get here, but bail out just in case */
         default:
         {
+            SCLogDebug("sm->type %u", sm->type);
+#ifdef DEBUG
             BUG_ON(1);
+#endif
         }
     }
 

src/detect-engine-uri.c

@@ -105,7 +105,9 @@ static int DoInspectPacketUri(DetectEngineCtx *de_ctx,
             goto match;
 
         /* rule parsers should take care of this */
+#ifdef DEBUG
         BUG_ON(ud->depth != 0 && ud->depth <= ud->offset);
+#endif
 
         /* search for our pattern, checking the matches recursively.
          * if we match we look for the next SigMatch as well */
@@ -190,7 +192,9 @@ static int DoInspectPacketUri(DetectEngineCtx *de_ctx,
             uint32_t spayload_len = depth - offset;
             uint32_t match_offset = 0;
             SCLogDebug("spayload_len %"PRIu32, spayload_len);
+#ifdef DEBUG
             BUG_ON(spayload_len > payload_len);
+#endif
 
             //PrintRawDataFp(stdout,ud->content,ud->content_len);
 
@@ -354,7 +358,10 @@ static int DoInspectPacketUri(DetectEngineCtx *de_ctx,
         SCReturnInt(0);
     } else {
         /* we should never get here, but bail out just in case */
+        SCLogDebug("sm->type %u", sm->type);
+#ifdef DEBUG
         BUG_ON(1);
+#endif
     }
     SCReturnInt(0);