Bug #278
closedSegfault in PktVarFree
Description
I'm running Suricata on an server. Used version is 1c9e48ae98df7a6a20999458e8173b1e590a5235.
I've encountered crashes after some times in PktVarFree() function.
A backtrace gives the following information:
(gdb) bt #0 PktVarFree (pv=0x113e1513bb8a31bf) at pkt-var.c:94 #1 0x00000000004b77e3 in TmqhOutputPacketpool (t=<value optimized out>, p=0x8c5be0) at tmqh-packetpool.c:223 #2 0x00000000004b713e in TmThreadsSlotVar (td=<value optimized out>) at tm-threads.c:522 #3 0x00007ffff687f8ba in start_thread () from /lib/libpthread.so.0 #4 0x00007ffff619802d in clone () from /lib/libc.so.6 #5 0x0000000000000000 in ?? ()
The corresponding code is the following:
pv->name = NULL; if (pv->value != NULL) /* line 94 */ SCFree(pv->value);
After crash
(gdb) print pv->name Cannot access memory at address 0x113e1513bb8a31bf
It thus looks like, there is a concurrent access problem and that pv is destroyed between the two calls.
Updated by Victor Julien almost 14 years ago
This should be fixed in the git master from yesterday, especially by changeset:
commit cb67d61ab5bab175701cdef2535e2d1bf4f25697
Author: Victor Julien <victor@inliniac.net>
Date: Fri Mar 18 23:34:24 2011 +0100
Fix broken setup of end of stream pseudo packet.
Updated by Eric Leblond almost 14 years ago
Ok, I've updated the running code on the server and I will close the ticket if there is no crash during a few days.
Updated by Eric Leblond over 13 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
There was no server crash after update. It is running cleanly for 6 days now. I thus close the bug.