Actions
Bug #2074
closeddetect msg: memory leak
Affected Versions:
Effort:
Difficulty:
Label:
Description
Direct leak of 49 byte(s) in 1 object(s) allocated from:
#0 0x7f3979bc2602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x67c57e in DetectMsgSetup /home/victor/dev/suricata/src/detect-msg.c:127
#2 0x683afc in SigParseOptions /home/victor/dev/suricata/src/detect-parse.c:704
#3 0x6854bd in SigParse /home/victor/dev/suricata/src/detect-parse.c:1027
#4 0x68bc3b in SigInitHelper /home/victor/dev/suricata/src/detect-parse.c:1567
#5 0x68c3ea in SigInit /home/victor/dev/suricata/src/detect-parse.c:1661
#6 0x68da84 in DetectEngineAppendSig /home/victor/dev/suricata/src/detect-parse.c:1928
#7 0x570ba7 in DetectLoadSigFile /home/victor/dev/suricata/src/detect.c:350
#8 0x57176d in ProcessSigFiles /home/victor/dev/suricata/src/detect.c:415
#9 0x571e7d in SigLoadSignatures /home/victor/dev/suricata/src/detect.c:475
#10 0x5d6565 in DetectEngineReload /home/victor/dev/suricata/src/detect-engine.c:2831
#11 0x8670a1 in PostRunStartedDetectSetup /home/victor/dev/suricata/src/suricata.c:2474
#12 0x86982c in main /home/victor/dev/suricata/src/suricata.c:2860
#13 0x7f397728a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Updated by Andreas Herz over 7 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Victor Julien over 7 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Andreas Herz
- Target version changed from TBD to 70
Updated by Andreas Herz over 7 years ago
Could you tell me what compile options you used and what version of gcc?
I also saw that https://github.com/inliniac/suricata/commit/342059835fe7ec0079ac91a152a0abab516b184f commit so will try runs with that and without it.
Updated by Victor Julien over 7 years ago
alert tcp any any -> any any (msg:"1"; msg:"2"; sid:1;)
LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_OPTIONS="detect_leaks=1 symbolize=1 external_symbolizer_path=/usr/lib/llvm-3.8/bin/llvm-symbolizer" ./src/suricata -l tmp/ -S msg.rules -T
[23108] 5/5/2017 -- 13:27:49 - (suricata.c:1842) <Info> (ParseCommandLine) -- Running suricata under test mode
[23108] 5/5/2017 -- 13:27:49 - (suricata.c:1100) <Notice> (LogVersion) -- This is Suricata version 4.0dev (rev 2620757)
[23108] 5/5/2017 -- 13:27:49 - (util-file.c:166) <Warning> (FileForceHashParseCfg) -- [ERRCODE: SC_ERR_DEPRECATED_CONF(274)] - deprecated 'force-md5' option found. Please use 'force-hash: [md5]' instead
[23108] 5/5/2017 -- 13:27:49 - (suricata.c:2841) <Notice> (main) -- Configuration provided was successfully loaded. Exiting.
=================================================================
==23108==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x4599c0 in __interceptor_strdup (/home/victor/sync/devel/eidps/src/suricata+0x4599c0)
#1 0x133b58d in DetectMsgSetup /home/victor/sync/devel/eidps/src/detect-msg.c:106:14
#2 0x134a639 in SigParseOptions /home/victor/sync/devel/eidps/src/detect-parse.c:764:13
#3 0x13472cf in SigParse /home/victor/sync/devel/eidps/src/detect-parse.c:1095:19
#4 0x13507cf in SigInitHelper /home/victor/sync/devel/eidps/src/detect-parse.c:1635:9
#5 0x134fe70 in SigInit /home/victor/sync/devel/eidps/src/detect-parse.c:1729:16
#6 0x1351ece in DetectEngineAppendSig /home/victor/sync/devel/eidps/src/detect-parse.c:1996:22
#7 0xbe5b36 in DetectLoadSigFile /home/victor/sync/devel/eidps/src/detect.c:352:15
#8 0xb4f137 in ProcessSigFiles /home/victor/sync/devel/eidps/src/detect.c:417:13
#9 0xb4d412 in SigLoadSignatures /home/victor/sync/devel/eidps/src/detect.c:496:15
#10 0x199c002 in LoadSignatures /home/victor/sync/devel/eidps/src/suricata.c:2391:9
#11 0x1992802 in PostConfLoadedDetectSetup /home/victor/sync/devel/eidps/src/suricata.c:2522:17
#12 0x197b8a9 in main /home/victor/sync/devel/eidps/src/suricata.c:2835:5
#13 0x7fa8b067682f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291
SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
Updated by Victor Julien over 7 years ago
Looks like etpro had a rule that triggered this, but not anymore.
Updated by Victor Julien about 7 years ago
- Status changed from Assigned to Closed
- Target version changed from 70 to 4.0.1
Actions