Project

General

Profile

Actions

Bug #1922

open

runmodes: memory leaks

Added by Xiangyu Bu about 8 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

The memory leaks I'm reporting are preventing me from properly fuzzing Suricata 3.1.2 compiled with ASAN (as Suricata's AFL tutorial suggests "-fsanitize=address").

Some of those memory leaks do not affect real world usage, though.

I have attached the memory leaks reported by valgrind, which provides more details about the leaks.

Compilation options (It's basically from Suricata's AFL tutorial, but I didn't enable ASAN or AFL in order to run valgrind):

```
CFLAGS="-g -O0 -fno-omit-frame-pointer" ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes ./configure --enable-nfqueue --enable-unittests --enable-profiling --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-afl --disable-shared
```

The command I used for running Suricata:

```
$ valgrind --show-leak-kinds=all --leak-check=full -v ./src/suricata --afl-decoder-ppp /root/sample_traces/arp/arp-storm.pcap
```


Files

arp-storm.pcap (46.2 KB) arp-storm.pcap The sample trace I used. Xiangyu Bu, 10/13/2016 03:32 PM
suricata_leak.txt (68.9 KB) suricata_leak.txt List of memory leaks reported by valgrind. Xiangyu Bu, 10/13/2016 03:32 PM
Actions #1

Updated by Victor Julien about 8 years ago

A workaround is to set ASAN_OPTIONS=detect_leaks=0 before running your fuzzer.

Actions #2

Updated by Xiangyu Bu about 8 years ago

Sorry the title should have been "runmodes: memory leaks"...

Actions #3

Updated by Victor Julien about 8 years ago

  • Subject changed from rules: memory leaks to runmodes: memory leaks
  • Assignee set to OISF Dev
  • Target version set to 70
Actions #4

Updated by Victor Julien about 7 years ago

  • Assignee changed from OISF Dev to Anonymous
  • Target version changed from 70 to TBD
Actions #5

Updated by Andreas Herz almost 6 years ago

  • Assignee set to Community Ticket
Actions #6

Updated by Andreas Herz over 5 years ago

Are those memory leaks still valid?

Actions #7

Updated by Victor Julien over 5 years ago

Can someone convert the pcap to a SV test?

Actions

Also available in: Atom PDF