[PATCH] detect/alert: check alert queue capacity before expanding
author Shivani Bhardwaj <shivani@oisf.net>
Mon, 5 Jan 2026 13:57:11 +0000 (19:27 +0530)
committer Andreas Dolp <dev@andreas-dolp.de>
Sun, 22 Feb 2026 12:28:52 +0000 (13:28 +0100)
commit 084b3724c690066e107b84e658ee4ad5644ebda3
tree 5983d7e6446e0f6b11f7c8d65a3a3e87b0bba5f2
parent 3be8e9a985a4820ae0944714869fff81250d029d

So far, the alert queue was expanded by doubling in size w/o any
boundary checks in place. This led to situations where doubling
the alert_queue_capacity meant overflow of the very same value
stored in det_ctx.
This led to heap-use-after-free in some conditions where
det_ctx->alert_queue_capacity overflowed.

Fix this by capping the max of alert_queue_capacity by checking if its
expansion could result in an overflow.

Security 8190

(cherry picked from commit ac1eb394181530430fb7262969f423a1bf8f209b)

Origin: upstream, https://github.com/OISF/suricata/commit/5789a3d3760dbf33d93fc56c27bd9529e5bdc8f2.patch
Bug: https://redmine.openinfosecfoundation.org/issues/8190
Subject: Upstream fix for CVE-2026-22264

Gbp-Pq: Name CVE-2026-22264.patch
src/detect-engine-alert.c
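
The capacity check the commit message describes, as an added example in simplified form; this is not code from the Suricata tree. The `Queue` struct, the function names and the 16-bit width of the capacity counter are assumptions made for illustration: unchecked doubling wraps the counter so it no longer matches the allocation, while the checked version clamps at the maximum and refuses further growth.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a per-thread alert queue (not Suricata's struct). */
typedef struct {
    int *items;        /* constructed element type */
    uint16_t size;
    uint16_t capacity; /* assumed 16-bit counter */
} Queue;

/* Doubling without a bound check: the result wraps in the counter's width. */
static uint16_t grow_unchecked(uint16_t cap) { return (uint16_t)(cap * 2); }

/* Doubling with a cap: clamp to the maximum instead of wrapping. */
static uint16_t grow_checked(uint16_t cap)
{
    if (cap == 0) return 1;
    if (cap > UINT16_MAX / 2) return UINT16_MAX;
    return (uint16_t)(cap * 2);
}

/* Append one item; returns 0 on success, -1 when the queue is at its cap or OOM. */
static int queue_push(Queue *q, int v)
{
    if (q->size == q->capacity) {
        uint16_t new_cap = grow_checked(q->capacity);
        if (new_cap == q->capacity) return -1; /* full: drop, never write past the buffer */
        int *p = realloc(q->items, (size_t)new_cap * sizeof(*q->items));
        if (p == NULL) return -1; /* old buffer and capacity stay valid */
        q->items = p;
        q->capacity = new_cap;
    }
    q->items[q->size++] = v;
    return 0;
}

/* Push n constructed items and return how many were stored. */
static uint32_t queue_fill(Queue *q, uint32_t n)
{
    uint32_t stored = 0;
    for (uint32_t i = 0; i < n; i++)
        if (queue_push(q, (int)i) == 0) stored++;
    return stored;
}

int main(void)
{
    Queue q = {0};
    printf("unchecked 40000 -> %u\n", (unsigned)grow_unchecked(40000));
    printf("stored %u of 70000\n", (unsigned)queue_fill(&q, 70000));
    free(q.items);
    return 0;
}
```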