From ef71e5e37dd08dcd357223b24192d4bc1b29bedd Mon Sep 17 00:00:00 2001
From: dmiller <dmiller@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Mon, 30 Oct 2023 19:01:07 +0000
Subject: [PATCH] Avoid out-of-bounds read leading to runaway allocations.
 Fixes #2731

---
 nbase/nbase_addrset.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nbase/nbase_addrset.c b/nbase/nbase_addrset.c
index 20981afd9..fd9fb111b 100644
--- a/nbase/nbase_addrset.c
+++ b/nbase/nbase_addrset.c
@@ -319,7 +319,7 @@ static void trie_split (struct trie_node *this, const u32 *addr, const u32 *mask
       break;
     }
   }
-  if (new_mask[i] >= this->mask[i]) {
+  if (i >= 4 || new_mask[i] >= this->mask[i]) {
     /* This node completely contains the new addr and mask. No need to split or add */
     return;
   }