Actions
Bug #3378
closedftp: asan detects leaks of expectations
Affected Versions:
Effort:
Difficulty:
Label:
Needs backport to 4.1, Needs backport to 5.0
Description
I can consistently reproduce the below upon exit/stopping Suricata on live traffic.
(it seems related to - https://redmine.openinfosecfoundation.org/issues/3118 )
[39354] 4/12/2019 -- 08:32:53 - (util-mpm-hs.c:1081) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch [9/1846]
[39354] 4/12/2019 -- 08:32:53 - (util-mpm-hs.c:1089) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache
=================================================================
==39354==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4cf5ea in calloc (/usr/bin/suricata+0x4cf5ea)
#1 0x640184 in FTPCalloc /opt/suricata/src/app-layer-ftp.c:221:11
#2 0x63a89c in FTPParseRequest /opt/suricata/src/app-layer-ftp.c:633:51
#3 0x683be4 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1239:13
#4 0x535ca0 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:660:17
#5 0xda4357 in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1065:11
#6 0xda2eb8 in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1122:12
#7 0xdaa0d7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1696:9
#8 0xda9d60 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1739:9
#9 0xd7e1bd in HandleEstablishedPacketToClient /opt/suricata/src/stream-tcp.c:2407:9
#10 0xd3fa4f in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2644:13
#11 0xd21be9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4649:17
#12 0xd182bf in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4837:13
#13 0xd22d8c in StreamTcp /opt/suricata/src/stream-tcp.c:5173:11
#14 0xace407 in FlowWorker /opt/suricata/src/flow-worker.c:245:9
#15 0xdeec16 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:129:17
#16 0xcd1e92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:163:9
#17 0xcc75a5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1130:9
#18 0xcc5af7 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1146:15
#19 0xcb58a6 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1196:15
#20 0xcb209f in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1589:17
#21 0xe047e0 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:354:13
#22 0x7f72f5719fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)
Indirect leak of 61 byte(s) in 1 object(s) allocated from:
#0 0x4cf5ea in calloc (/usr/bin/suricata+0x4cf5ea)
#1 0x640184 in FTPCalloc /opt/suricata/src/app-layer-ftp.c:221:11
#2 0x63a984 in FTPParseRequest /opt/suricata/src/app-layer-ftp.c:638:39
#3 0x683be4 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1239:13
#4 0x535ca0 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:660:17
#5 0xda4357 in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1065:11
#6 0xda2eb8 in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1122:12
#7 0xdaa0d7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1696:9
#8 0xda9d60 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1739:9
#9 0xd7e1bd in HandleEstablishedPacketToClient /opt/suricata/src/stream-tcp.c:2407:9
#10 0xd3fa4f in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2644:13
#11 0xd21be9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4649:17
#12 0xd182bf in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4837:13
#13 0xd22d8c in StreamTcp /opt/suricata/src/stream-tcp.c:5173:11
#14 0xace407 in FlowWorker /opt/suricata/src/flow-worker.c:245:9
#15 0xdeec16 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:129:17
#16 0xcd1e92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:163:9
#17 0xcc75a5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1130:9
#18 0xcc5af7 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1146:15
#19 0xcb58a6 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1196:15
#20 0xcb209f in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1589:17
#21 0xe047e0 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:354:13
#22 0x7f72f5719fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)
SUMMARY: AddressSanitizer: 93 byte(s) leaked in 2 allocation(s).
Suri info
suricata --build-info
This is Suricata version 5.0.1-dev (4343d1bc0 2019-11-30)
Features: PCAP_SET_BUFF AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON TLS MAGIC RUST
SIMD support: SSE_4_2 SSE_4_1 SSE_3
Atomic intrinsics: 1 2 4 8 16 byte(s)
64-bits, Little-endian architecture
GCC version 4.2.1 Compatible Clang 7.0.1 (tags/RELEASE_701/final), C version 199901
compiled with _FORTIFY_SOURCE=0
L1 cache line size (CLS)=64
thread local storage method: __thread
compiled with LibHTP v0.5.31, linked against LibHTP v0.5.31
Suricata Configuration:
AF_PACKET support: yes
eBPF support: yes
XDP support: yes
PF_RING support: no
NFQueue support: no
NFLOG support: no
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: no
hiredis async with libevent: no
Prelude support: no
PCRE jit: yes
LUA support: yes, through luajit
libluajit: yes
GeoIP2 support: yes
Non-bundled htp: no
Old barnyard2 support: no
Hyperscan support: yes
Libnet support: yes
liblz4 support: yes
Rust support: yes
Rust strict mode: yes
Rust compiler path: /root/.cargo/bin/rustc
Rust compiler version: rustc 1.39.0 (4560ea788 2019-11-04)
Cargo path: /root/.cargo/bin/cargo
Cargo version: cargo 1.39.0 (1c6ec66d5 2019-09-30)
Python support: yes
Python path: /usr/bin/python3
Python distutils yes
Python yaml no
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: not bundled
Profiling enabled: no
Profiling locks enabled: no
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
--datarootdir /usr/share
Host: x86_64-pc-linux-gnu
Compiler: clang (exec name) / clang (real)
GCC Protect enabled: no
GCC march native enabled: yes
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -ggdb -O0 -Werror -Wchar-subscripts -Wshadow -Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function -march=native -I${srcdir}/../rust/gen/c-headers
PCAP_CFLAGS -I/usr/include
SECCFLAGS [10/1483]
Updated by Victor Julien almost 5 years ago
- Status changed from New to Assigned
- Assignee set to Jeff Lucovsky
- Priority changed from Normal to High
- Target version set to 5.0.1
Updated by Jeff Lucovsky almost 5 years ago
Peter .. Can you apply the diff from 3118 and rerun to see if that's the culprit?
Updated by Peter Manev almost 5 years ago
Yep - did that now chasing it. Will report back - hopefully today.
Updated by Jeff Lucovsky almost 5 years ago
- Related to Bug #2458: memleak: gitmaster - 4.1.0-dev (rev c60decd) added
Updated by Victor Julien almost 5 years ago
- Target version changed from 5.0.1 to 5.0.2
Updated by Victor Julien over 4 years ago
- Target version changed from 5.0.2 to 5.0.3
Updated by Victor Julien over 4 years ago
- Subject changed from ftp asan leak to ftp: asan detects leaks of expectations
- Status changed from Assigned to Closed
- Assignee changed from Jeff Lucovsky to Eric Leblond
- Priority changed from High to Normal
- Target version changed from 5.0.3 to 6.0.0beta1
- Label Needs backport to 4.1, Needs backport to 5.0 added
Updated by Victor Julien over 4 years ago
- Has duplicate Bug #3455: asan ftp related leaks on the current gitmaster added
Updated by Peter Manev over 4 years ago
Still see that with - Suricata version 6.0.0-dev (09a21545c 2020-04-03)
[99654] 4/4/2020 -- 10:10:09 - (util-mpm-hs.c:1081) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch [228/1905]
[99654] 4/4/2020 -- 10:10:09 - (util-mpm-hs.c:1089) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache
=================================================================
==99654==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 29088 byte(s) in 909 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f61f3ba342e (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x842e)
Direct leak of 180 byte(s) in 18 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f61f3910d84 in pcre_get_substring (/lib/x86_64-linux-gnu/libpcre.so.3+0x28d84)
Direct leak of 32 byte(s) in 1 object(s) allocated from:
#0 0x4cf63a in calloc (/usr/bin/suricata+0x4cf63a)
#1 0x625be4 in FTPCalloc /opt/suricata/src/app-layer-ftp.c:220:11
#2 0x61f1db in FTPParseRequest /opt/suricata/src/app-layer-ftp.c:635:51
#3 0x66b887 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1238:30
#4 0x519b45 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:665:17
#5 0xd9fa2d in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1098:11
#6 0xd9dfdb in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1155:12
#7 0xda57a7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1729:9
#8 0xda5430 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1772:9
#9 0xd78ffb in HandleEstablishedPacketToClient /opt/suricata/src/stream-tcp.c:2448:9
#10 0xd3a50b in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2685:13
#11 0xd1c5b9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4690:17
#12 0xd12ca3 in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4879:13
#13 0xd1d74c in StreamTcp /opt/suricata/src/stream-tcp.c:5215:11
#14 0xac7068 in FlowWorker /opt/suricata/src/flow-worker.c:241:9
#15 0xde7f71 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:117:21
#16 0xcc8f92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:192:17
#17 0xcbe6f5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1127:9
#18 0xcbcc47 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1142:15
#19 0xcb0e06 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1192:15
#20 0xcac5fc in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1585:17
#21 0xdfe813 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:300:13
#22 0x7f61f3b81fa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)
Indirect leak of 3105 byte(s) in 207 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f61f3ba0b14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x32332e383730 (<unknown module>)
Indirect leak of 1666 byte(s) in 119 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f61f3ba0b14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3430312e2f (<unknown module>)
Indirect leak of 1176 byte(s) in 84 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f61f3ba0b14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
Updated by Victor Julien over 4 years ago
- Status changed from Closed to Assigned
Ok, so not fixed. Btw there are more leaks in there around eve.json.
Updated by Peter Manev over 4 years ago
Yes.
So in a different angle of the chase of this leak. I simply reverted the search and started Suricata with BP filter that negates ftp and ftp-data
not port ftp or ftp-data
After some runs and back and forts I came up with this leak (it seems non related to the issue here) - wondering if it is connected somehow or it needs its separate issue.
[9040] 4/4/2020 -- 21:40:11 - (util-mpm-hs.c:1081) <Perf> (MpmHSGlobalCleanup) -- Cleaning up Hyperscan global scratch [114/1991]
[9040] 4/4/2020 -- 21:40:11 - (util-mpm-hs.c:1089) <Perf> (MpmHSGlobalCleanup) -- Clearing Hyperscan database cache
=================================================================
==9040==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 53728 byte(s) in 1679 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32b142e (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x842e)
Direct leak of 180 byte(s) in 18 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc301ed84 in pcre_get_substring (/lib/x86_64-linux-gnu/libpcre.so.3+0x28d84)
Direct leak of 116 byte(s) in 1 object(s) allocated from:
#0 0x4cf862 in realloc (/usr/bin/suricata+0x4cf862)
#1 0x111af9f in alloc::alloc::realloc::hc365b4bd1305efa1 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/alloc.rs:125:4
#2 0x111af9f in _$LT$alloc..alloc..Global$u20$as$u20$core..alloc..Alloc$GT$::realloc::h5274617238b8c05e /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/alloc.rs:184:21
#3 0x111af9f in alloc::raw_vec::RawVec$LT$T$C$A$GT$::reserve_internal::hf92e901fa5ea2fc3 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/raw_vec.rs:659:20
#4 0x111af9f in alloc::raw_vec::RawVec$LT$T$C$A$GT$::reserve_exact::h259e82a6cdf740c7 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/raw_vec.rs:399:14
#5 0x111af9f in alloc::vec::Vec$LT$T$GT$::reserve_exact::hca57a6f378cdea21 /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/liballoc/vec.rs:518:8
#6 0x111af9f in std::ffi::c_str::CString::from_vec_unchecked::h22f92dc651d3e09f /rustc/b8cedc00407a4c56a3bda1ed605c6fc166655447/src/libstd/ffi/c_str.rs:381:8
#7 0x6b68b3 in SSLv3ParseHandshakeType /opt/suricata/src/app-layer-ssl.c:1452:18
#8 0x6b31ce in SSLv3ParseHandshakeProtocol /opt/suricata/src/app-layer-ssl.c:1596:14
#9 0x6af642 in SSLv3Decode /opt/suricata/src/app-layer-ssl.c:2269:22
#10 0x6ab3ff in SSLDecode /opt/suricata/src/app-layer-ssl.c:2436:30
#11 0x6a79b3 in SSLParseServerRecord /opt/suricata/src/app-layer-ssl.c:2530:12
#12 0x66b887 in AppLayerParserParse /opt/suricata/src/app-layer-parser.c:1238:30
#13 0x51b28e in TCPProtoDetect /opt/suricata/src/app-layer.c:451:17
#14 0x5195e5 in AppLayerHandleTCPData /opt/suricata/src/app-layer.c:620:13
#15 0xd9fa2d in ReassembleUpdateAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1098:11
#16 0xd9dfdb in StreamTcpReassembleAppLayer /opt/suricata/src/stream-tcp-reassemble.c:1155:12
#17 0xda57a7 in StreamTcpReassembleHandleSegmentUpdateACK /opt/suricata/src/stream-tcp-reassemble.c:1729:9
#18 0xda5430 in StreamTcpReassembleHandleSegment /opt/suricata/src/stream-tcp-reassemble.c:1772:9
#19 0xd75187 in HandleEstablishedPacketToServer /opt/suricata/src/stream-tcp.c:2297:9
#20 0xd3a3fd in StreamTcpPacketStateEstablished /opt/suricata/src/stream-tcp.c:2671:13
#21 0xd1c5b9 in StreamTcpStateDispatch /opt/suricata/src/stream-tcp.c:4690:17
#22 0xd12ca3 in StreamTcpPacket /opt/suricata/src/stream-tcp.c:4879:13
#23 0xd1d74c in StreamTcp /opt/suricata/src/stream-tcp.c:5215:11
#24 0xac7068 in FlowWorker /opt/suricata/src/flow-worker.c:241:9
#25 0xde7f71 in TmThreadsSlotVarRun /opt/suricata/src/tm-threads.c:117:21
#26 0xcc8f92 in TmThreadsSlotProcessPkt /opt/suricata/src/./tm-threads.h:192:17
#27 0xcbe6f5 in AFPParsePacketV3 /opt/suricata/src/source-af-packet.c:1127:9
#28 0xcbcc47 in AFPWalkBlock /opt/suricata/src/source-af-packet.c:1142:15
#29 0xcb0e06 in AFPReadFromRingV3 /opt/suricata/src/source-af-packet.c:1192:15
#30 0xcac5fc in ReceiveAFPLoop /opt/suricata/src/source-af-packet.c:1585:17
#31 0xdfe813 in TmThreadsSlotPktAcqLoop /opt/suricata/src/tm-threads.c:300:13
#32 0x7f9cc328ffa2 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x7fa2)
Indirect leak of 16081 byte(s) in 1237 object(s) allocated from: [65/1991]
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x31352e30 (<unknown module>)
Indirect leak of 1200 byte(s) in 80 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3934312e3632 (<unknown module>)
Indirect leak of 770 byte(s) in 55 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3133322e34 (<unknown module>)
Indirect leak of 770 byte(s) in 55 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3739312e31 (<unknown module>)
Indirect leak of 742 byte(s) in 53 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3834312e33 (<unknown module>)
Indirect leak of 658 byte(s) in 47 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x38322e3933 (<unknown module>)
Indirect leak of 546 byte(s) in 39 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x39322e3933 (<unknown module>)
Indirect leak of 285 byte(s) in 19 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3839312e3030 (<unknown module>)
Indirect leak of 252 byte(s) in 21 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x352e2f (<unknown module>)
Indirect leak of 238 byte(s) in 17 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3737312e2f (<unknown module>)
Indirect leak of 182 byte(s) in 13 object(s) allocated from: [15/1991]
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x30332e3634 (<unknown module>)
Indirect leak of 150 byte(s) in 10 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x32332e383730 (<unknown module>)
Indirect leak of 126 byte(s) in 9 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x39332e3531 (<unknown module>)
Indirect leak of 84 byte(s) in 7 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x333230 (<unknown module>)
Indirect leak of 70 byte(s) in 5 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3330312e2f (<unknown module>)
Indirect leak of 48 byte(s) in 3 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3336312e343030 (<unknown module>)
Indirect leak of 30 byte(s) in 2 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x35342e393730 (<unknown module>)
Indirect leak of 20 byte(s) in 2 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x660030 in ModbusParseWriteRequest /opt/suricata/src/app-layer-modbus.c:789:33
Indirect leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3434312e343231 (<unknown module>)
Indirect leak of 13 byte(s) in 1 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x3333312d (<unknown module>)
Indirect leak of 12 byte(s) in 1 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x30322d (<unknown module>)
Indirect leak of 12 byte(s) in 1 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x30312d (<unknown module>)
Indirect leak of 11 byte(s) in 1 object(s) allocated from:
#0 0x4cf443 in __interceptor_malloc (/usr/bin/suricata+0x4cf443)
#1 0x7f9cc32aeb14 (/usr/lib/x86_64-linux-gnu/libjansson.so.4+0x5b14)
#2 0x352d (<unknown module>)
SUMMARY: AddressSanitizer: 76340 byte(s) leaked in 3377 allocation(s).
Updated by Peter Manev over 4 years ago
Opened a separate issue here - https://redmine.openinfosecfoundation.org/issues/3595 for that last update above (https://redmine.openinfosecfoundation.org/issues/3378#note-11).
Updated by Jeff Lucovsky over 4 years ago
- Copied to Bug #3596: ftp: asan detects leaks of expectations added
Updated by Jeff Lucovsky over 4 years ago
- Copied to Bug #3597: ftp: asan detects leaks of expectations added
Updated by Victor Julien over 4 years ago
- Status changed from Assigned to Closed
Despite trying hard none of us have been able to reproduce this either in targeted testing or in our general sensors. So considering fixed.
Actions