From 4086938f1e3b8f108230f88dbba0f8834966d8bf Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Fri, 12 Feb 2016 10:48:26 +0100
Subject: [PATCH] pool: fix memory leak

Due to pointer size mishandling, the pool code could consider a block of memory inside the 'preallocated' block. It would then not free the block.
---
 configure.ac | 1 +
 src/suricata-common.h | 4 ++++
 src/util-pool.c | 4 ++--
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 6daa5e6df8..79578fb310 100644
--- a/configure.ac
+++ b/configure.ac
@@ -147,6 +147,7 @@
 # Checks for libraries.
 # Checks for header files.
+ AC_CHECK_HEADERS([stddef.h])
 AC_CHECK_HEADERS([arpa/inet.h assert.h ctype.h errno.h fcntl.h inttypes.h])
 AC_CHECK_HEADERS([getopt.h])
 AC_CHECK_HEADERS([limits.h netdb.h netinet/in.h poll.h sched.h signal.h])
diff --git a/src/suricata-common.h b/src/suricata-common.h
index 388f1a429c..4d60f78781 100644
--- a/src/suricata-common.h
+++ b/src/suricata-common.h
@@ -49,6 +49,10 @@
 #include
 #endif
+#if HAVE_STDDEF_H
+#include
+#endif
+
 #if HAVE_STDINT_h
 #include
 #endif
diff --git a/src/util-pool.c b/src/util-pool.c
index 6f40525204..4d4d5e40ea 100644
--- a/src/util-pool.c
+++ b/src/util-pool.c
@@ -54,10 +54,10 @@ static int PoolMemset(void *pitem, void *initdata)
 /**
  * \brief Check if data is preallocated
- * \retval 0 or -1 if not inside */
+ * \retval 0 if not inside the prealloc'd block, 1 if inside */
 static int PoolDataPreAllocated(Pool *p, void *data)
 {
- int delta = data - p->data_buffer;
+ ptrdiff_t delta = data - p->data_buffer;
 if ((delta < 0) || (delta > p->data_buffer_size)) {
 return 0;
 }
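Review bot: The `HAVE_STDDEF_H` guard around the new include in src/suricata-common.h is unnecessary and makes the `ptrdiff_t` fix in src/util-pool.c depend on a configure result. `<stddef.h>` is required of every conforming C implementation, so the include can be unconditional (the header name is stripped in this rendering; presumably it is `<stddef.h>`). If the guard stays, `#ifdef HAVE_STDDEF_H` avoids evaluating an undefined macro under `-Wundef`. Separately, the context line `#if HAVE_STDINT_h` directly below ends in a lowercase `h`; autoconf defines `HAVE_STDINT_H`, so that neighbouring guard looks like it never fires and is worth correcting in the same file.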
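Review bot: The upper bound in PoolDataPreAllocated is still off by one: `delta > p->data_buffer_size` lets a pointer exactly at the end of the block (one past its last byte) count as preallocated, so a separately allocated item that happens to sit right after the block would take the same not-freed path this commit fixes; `if ((delta < 0) || (delta >= p->data_buffer_size)) {` closes that. `data` is a `void *`, so `data - p->data_buffer` also relies on the GNU extension for `void *` arithmetic and subtracts pointers that may belong to different allocations, which ISO C leaves undefined; comparing `(uintptr_t)data` against the block's start and end addresses expresses the range test without that assumption. A comment on the `delta` line such as `/* ptrdiff_t: an int truncates the difference on 64-bit and can make an outside pointer look inside */` would keep the type from being narrowed again. The function body continues past the end of the hunk, so the return for the inside case is not visible here.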