From 69b8b48b9422279943c083a24e5baf64e1c4aa94 Mon Sep 17 00:00:00 2001
From: Victor Julien <vjulien@oisf.net>
Date: Tue, 26 Apr 2022 21:47:37 +0200
Subject: [PATCH] detect/pcre: assist code analyzer around pointer logic

cppcheck:

src/detect-pcre.c:381:27: warning: Either the condition 'pcap' is redundant or there is overflow in pointer subtraction. [nullPointerArithmeticRedundantCheck]
            cut_capture = MIN((pcap - regexstr), (fcap - regexstr));
                          ^
src/detect-pcre.c:378:18: note: Assuming that condition 'pcap' is not redundant
        else if (pcap && !fcap)
                 ^
src/detect-pcre.c:381:27: note: Null pointer subtraction
            cut_capture = MIN((pcap - regexstr), (fcap - regexstr));
                          ^

Bug: #5291.
---
 src/detect-pcre.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/detect-pcre.c b/src/detect-pcre.c
index 6f89ba8463..f20b216247 100644
--- a/src/detect-pcre.c
+++ b/src/detect-pcre.c
@@ -377,8 +377,11 @@ static DetectPcreData *DetectPcreParse (DetectEngineCtx *de_ctx,
             cut_capture = fcap - regexstr;
         else if (pcap && !fcap)
             cut_capture = pcap - regexstr;
-        else
+        else {
+            BUG_ON(pcap == NULL); // added to assist cppcheck
+            BUG_ON(fcap == NULL);
             cut_capture = MIN((pcap - regexstr), (fcap - regexstr));
+        }
 
         SCLogDebug("cut_capture %d", cut_capture);