[PATCH] util/swf: move allocation from stack to heap

As it can overflow the stack

Ticket: 8055
(cherry picked from commit a84addb771846f6d4d55ec535a4591f58369e49c)

Origin: upstream, https://github.com/OISF/suricata/commit/f67d72702a2601d0a86ac1450686e70d7176f629.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8055
Subject: Upstream fix for CVE-2025-64332

Gbp-Pq: Name CVE-2025-64332.patch

diff --git a/src/util-file-decompression.c b/src/util-file-decompression.c
index dfafdc87f050b93c24117effdb5a78b2102519d1..bf65b0b7c470d33e183b1eb3c52c88832e5dcfcd 100644 (file)
--- a/src/util-file-decompression.c
+++ b/src/util-file-decompression.c
@@ -169,7 +169,10 @@ int FileSwfDecompression(const uint8_t *buffer, uint32_t buffer_len,
          * | LZMA properties | Uncompressed length | Compressed data |
          */
         compressed_data_len += 13;
-        uint8_t compressed_data[compressed_data_len];
+        uint8_t *compressed_data = SCCalloc(1, compressed_data_len);
+        if (compressed_data == NULL) {
+            goto error;
+        }
         /* put lzma properties */
         memcpy(compressed_data, buffer + 12, 5);
         /* put lzma end marker */
@@ -183,6 +186,7 @@ int FileSwfDecompression(const uint8_t *buffer, uint32_t buffer_len,
         r = FileSwfLzmaDecompression(det_ctx,
                                      compressed_data, compressed_data_len,
                                      out_buffer->buf + 8, out_buffer->len - 8);
+        SCFree(compressed_data);
         if (r == 0)
             goto error;
     } else {