Project

General

Profile

Actions

Bug #4120

closed

http2: null ptr deref in http2 alert metadata

Added by Victor Julien about 4 years ago. Updated about 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Thread 7 "W#05" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffef120700 (LWP 2367911)]
alloc::raw_vec::RawVec<T,A>::ptr (self=0x20) at /home/victor/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/alloc/src/raw_vec.rs:221
221            self.ptr.as_ptr()
(gdb) bt
#0  alloc::raw_vec::RawVec<T,A>::ptr (self=0x20) at /home/victor/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/alloc/src/raw_vec.rs:221
#1  0x0000000001e6b6ef in alloc::vec::Vec<T>::as_ptr (self=0x20) at /home/victor/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/alloc/src/vec.rs:814
#2  0x0000000001e71fe4 in <alloc::vec::Vec<T> as core::ops::deref::Deref>::deref (self=0x20) at /home/victor/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/alloc/src/vec.rs:1950
#3  0x0000000001e760ef in <&alloc::vec::Vec<T> as core::iter::traits::collect::IntoIterator>::into_iter (self=0x20) at /home/victor/.rustup/toolchains/stable-x86_64-unknown-linux-gnu/lib/rustlib/src/rust/library/alloc/src/vec.rs:2070
#4  0x0000000001b695f4 in suricata::http2::logger::log_headers (frames=0x20, js=0x606000029960, common=0x7fffef11d4a0) at /home/victor/devel/eidps/rust/src/http2/logger.rs:85
#5  0x0000000001b75e44 in suricata::http2::logger::log_http2 (tx=0x0, js=0x606000029960) at /home/victor/devel/eidps/rust/src/http2/logger.rs:204
#6  0x0000000001b77487 in suricata::http2::logger::rs_http2_log_json (tx=0x0, js=0x606000029960) at /home/victor/devel/eidps/rust/src/http2/logger.rs:273
#7  0x00000000015a7022 in AlertJsonHttp2 (f=0x6120003b3740, tx_id=0, js=0x606000029960) at output-json-alert.c:173
#8  0x00000000015a550d in AlertAddAppLayer (p=0x61e000315080, jb=0x606000029960, tx_id=0, option_flags=304) at output-json-alert.c:526
#9  0x00000000015a2d6f in AlertJson (tv=0x6120003be840, aft=0x603000109120, p=0x61e000315080) at output-json-alert.c:636
#10 0x00000000015a0a1c in JsonAlertLogger (tv=0x6120003be840, thread_data=0x603000109120, p=0x61e000315080) at output-json-alert.c:767
#11 0x00000000016117e9 in OutputPacketLog (tv=0x6120003be840, p=0x61e000315080, thread_data=0x6020000154f0) at output-packet.c:116
#12 0x00000000015916ee in OutputLoggerLog (tv=0x6120003be840, p=0x61e000315080, thread_data=0x6020000154d0) at output.c:882
#13 0x0000000001534bec in FlowWorker (tv=0x6120003be840, p=0x61e000315080, data=0x60d00004fff0) at flow-worker.c:545
#14 0x00000000018aa3b2 in TmThreadsSlotVarRun (tv=0x6120003be840, p=0x61e000315080, slot=0x606000016b80) at tm-threads.c:117
#15 0x00000000018b6f5d in TmThreadsSlotVar (td=0x6120003be840) at tm-threads.c:452
#16 0x00007ffff7d0c609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#17 0x00007ffff7890293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Actions

Also available in: Atom PDF