From c3a6abf60134c2993ee3802ee52206e9fdbf55ba Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Tue, 26 Nov 2024 22:34:13 +0100
Subject: [PATCH] detect/transform: handle overlapping dotprefix

If there is a transform before dotprefix, it operates in place
in a single buffer, and must therefore use memmove instead of memcpy
to avoid UB.

Ticket: 7229
---
 src/detect-transform-dotprefix.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/detect-transform-dotprefix.c b/src/detect-transform-dotprefix.c
index 295a149f8941..d58e1d4ad18d 100644
--- a/src/detect-transform-dotprefix.c
+++ b/src/detect-transform-dotprefix.c
@@ -116,8 +116,8 @@ static void TransformDotPrefix(InspectionBuffer *buffer, void *options)
             return;
         }
 
+        memmove(&output[1], buffer->inspect, input_len);
         output[0] = '.';
-        memcpy(&output[1], buffer->inspect, input_len);
         InspectionBufferTruncate(buffer, input_len + 1);
     }
 }