Bug #2458
closedmemleak: gitmaster - 4.1.0-dev (rev c60decd)
Description
Seeing some ftp related memleaks it seams with gitmaster - 4.1.0-dev (rev c60decd) on live traffic.
==1217==ERROR: LeakSanitizer: detected memory leaks Direct leak of 64 byte(s) in 2 object(s) allocated from: #0 0x4bfdd0 in calloc (/usr/local/bin/suricata+0x4bfdd0) #1 0x629872 in FTPCalloc /home/pevman/tests/git/suricata/src/app-layer-ftp.c:154:11 #2 0x62776b in FTPParseRequest /home/pevman/tests/git/suricata/src/app-layer-ftp.c:441:51 #3 0x6638a3 in AppLayerParserParse /home/pevman/tests/git/suricata/src/app-layer-parser.c:1142:13 #4 0x527985 in AppLayerHandleTCPData /home/pevman/tests/git/suricata/src/app-layer.c:635:17 #5 0xc8a52b in ReassembleUpdateAppLayer /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1063:13 #6 0xc89397 in StreamTcpReassembleAppLayer /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1136:12 #7 0xc8fc83 in StreamTcpReassembleHandleSegmentUpdateACK /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1685:9 #8 0xc8f94a in StreamTcpReassembleHandleSegment /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1724:9 #9 0xc77200 in HandleEstablishedPacketToClient /home/pevman/tests/git/suricata/src/stream-tcp.c:2360:9 #10 0xc2af1a in StreamTcpPacketStateEstablished /home/pevman/tests/git/suricata/src/stream-tcp.c:2597:13 #11 0xc11d22 in StreamTcpPacket /home/pevman/tests/git/suricata/src/stream-tcp.c:4643:20 #12 0xc530ec in StreamTcp /home/pevman/tests/git/suricata/src/stream-tcp.c:5018:11 #13 0xa15c4d in FlowWorker /home/pevman/tests/git/suricata/src/flow-worker.c:216:9 #14 0xcc42dd in TmThreadsSlotVarRun /home/pevman/tests/git/suricata/src/tm-threads.c:145:17 #15 0xbd15bb in TmThreadsSlotProcessPkt /home/pevman/tests/git/suricata/src/./tm-threads.h:147:9 #16 0xbce06d in AFPParsePacketV3 /home/pevman/tests/git/suricata/src/source-af-packet.c:1116:9 #17 0xbcc7a0 in AFPWalkBlock /home/pevman/tests/git/suricata/src/source-af-packet.c:1131:13 #18 0xbbcc37 in AFPReadFromRingV3 /home/pevman/tests/git/suricata/src/source-af-packet.c:1170:13 #19 0xbb969e in ReceiveAFPLoop /home/pevman/tests/git/suricata/src/source-af-packet.c:1559:17 #20 0xcd6cee in TmThreadsSlotPktAcqLoop /home/pevman/tests/git/suricata/src/tm-threads.c:348:13 #21 0x7fdce678d6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9) Indirect leak of 80 byte(s) in 2 object(s) allocated from: #0 0x4bfdd0 in calloc (/usr/local/bin/suricata+0x4bfdd0) #1 0x629872 in FTPCalloc /home/pevman/tests/git/suricata/src/app-layer-ftp.c:154:11 #2 0x62783a in FTPParseRequest /home/pevman/tests/git/suricata/src/app-layer-ftp.c:446:39 #3 0x6638a3 in AppLayerParserParse /home/pevman/tests/git/suricata/src/app-layer-parser.c:1142:13 #4 0x527985 in AppLayerHandleTCPData /home/pevman/tests/git/suricata/src/app-layer.c:635:17 #5 0xc8a52b in ReassembleUpdateAppLayer /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1063:13 #6 0xc89397 in StreamTcpReassembleAppLayer /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1136:12 #7 0xc8fc83 in StreamTcpReassembleHandleSegmentUpdateACK /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1685:9 #8 0xc8f94a in StreamTcpReassembleHandleSegment /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1724:9 #9 0xc77200 in HandleEstablishedPacketToClient /home/pevman/tests/git/suricata/src/stream-tcp.c:2360:9 #10 0xc2af1a in StreamTcpPacketStateEstablished /home/pevman/tests/git/suricata/src/stream-tcp.c:2597:13 #11 0xc11d22 in StreamTcpPacket /home/pevman/tests/git/suricata/src/stream-tcp.c:4643:20 #12 0xc530ec in StreamTcp /home/pevman/tests/git/suricata/src/stream-tcp.c:5018:11 #13 0xa15c4d in FlowWorker /home/pevman/tests/git/suricata/src/flow-worker.c:216:9 #14 0xcc42dd in TmThreadsSlotVarRun /home/pevman/tests/git/suricata/src/tm-threads.c:145:17 #15 0xbd15bb in TmThreadsSlotProcessPkt /home/pevman/tests/git/suricata/src/./tm-threads.h:147:9 #16 0xbce06d in AFPParsePacketV3 /home/pevman/tests/git/suricata/src/source-af-packet.c:1116:9 #17 0xbcc7a0 in AFPWalkBlock /home/pevman/tests/git/suricata/src/source-af-packet.c:1131:13 #18 0xbbcc37 in AFPReadFromRingV3 /home/pevman/tests/git/suricata/src/source-af-packet.c:1170:13 #19 0xbb969e in ReceiveAFPLoop /home/pevman/tests/git/suricata/src/source-af-packet.c:1559:17 #20 0xcd6cee in TmThreadsSlotPktAcqLoop /home/pevman/tests/git/suricata/src/tm-threads.c:348:13 #21 0x7fdce678d6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)
build-info attached.
Files
Updated by Victor Julien almost 7 years ago
- Assignee set to OISF Dev
- Target version set to TBD
No pcap I assume?
Updated by Peter Manev almost 7 years ago
Unfortunately not. It happens on one of the live traffic test boxes and not all the time (every day).
Updated by Eric Leblond almost 7 years ago
I've tried to play my FTP pcap sample by just looking at port 21 but no leak were seen. I was expecting a potential problem with the cleaning of expectation but it does not seem to be the case.
Updated by Alexander Gozman almost 7 years ago
Eric Leblond wrote:
I've tried to play my FTP pcap sample by just looking at port 21 but no leak were seen. I was expecting a potential problem with the cleaning of expectation but it does not seem to be the case.
Could it be that AppLayerExpectationHandle() leaks memory? For instance (app-layer-expectation.c:310):
exp->data = NULL; exp = RemoveExpectationAndGetNext(ipp, pexp, exp, lexp); continue;
The place looks strange to me, especially when exp->data is not NULLed below when cleaning up old entries. However I don't know all the details and may be wrong.
Updated by Victor Julien over 5 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Jeff Lucovsky
Looks similar to https://github.com/OISF/suricata/pull/3827#discussion_r281012429
Updated by Jeff Lucovsky over 5 years ago
Victor Julien wrote:
Looks similar to https://github.com/OISF/suricata/pull/3827#discussion_r281012429
That was a different issue, caused by changes in the PR itself.
Updated by Jeff Lucovsky over 5 years ago
- Related to Bug #3118: asan leaks with 5.0.0-dev (9e126b210 2019-08-07) added
Updated by Jeff Lucovsky about 5 years ago
- Related to Bug #3378: ftp: asan detects leaks of expectations added
Updated by Victor Julien over 4 years ago
Is this still relevant? Anyone still observing it?
Updated by Victor Julien over 2 years ago
- Status changed from Assigned to Closed
- Assignee deleted (
Jeff Lucovsky) - Target version deleted (
TBD)
Updated by Victor Julien about 2 years ago
- Status changed from Closed to Rejected
Duplicate of #3455