Project

General

Profile

Actions

Bug #557

closed

segfault in 1.4beta1

Added by Michael Cox about 12 years ago. Updated almost 12 years ago.

Status:
Closed
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hello. Decided to give the new beta a try today and received a segfault when using af_packet (pcap mode is OK).

Ubuntu 32 bit with 2.6.32-33-generic-pae.

Some output below. Let me know what else you'd like to see.

Thanks and regards,
Michael

configure options:

./configure --enable-profiling --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/ --enable-af-packet

gdb output:

21/9/2012 -- 16:19:47 - <Info> - Enabling mmaped capture on iface eth1
21/9/2012 -- 16:19:47 - <Info> - Using round-robin cluster mode for AF_PACKET (iface eth1)
21/9/2012 -- 16:19:47 - <Info> - Going to use 1 ReceiveAFP receive thread(s)
[New Thread 0xb5fb1b70 (LWP 21234)]
21/9/2012 -- 16:19:47 - <Info> - Enabling zero copy mode by using data release call
[New Thread 0xb43beb70 (LWP 21235)]
[New Thread 0xb3bbdb70 (LWP 21236)]
[New Thread 0xb33bcb70 (LWP 21237)]
[New Thread 0xb2bbbb70 (LWP 21238)]
[New Thread 0xb23bab70 (LWP 21239)]
[New Thread 0xb1bb9b70 (LWP 21240)]
21/9/2012 -- 16:19:48 - <Info> - RunModeIdsAFPAutoFp initialised
[New Thread 0xb13b8b70 (LWP 21241)]
21/9/2012 -- 16:19:48 - <Info> - stream "max-sessions": 262144
21/9/2012 -- 16:19:48 - <Info> - stream "prealloc-sessions": 32768
21/9/2012 -- 16:19:48 - <Info> - stream "memcap": 33554432
21/9/2012 -- 16:19:48 - <Info> - stream "midstream" session pickups: disabled
21/9/2012 -- 16:19:48 - <Info> - stream "async-oneside": disabled
21/9/2012 -- 16:19:48 - <Info> - stream "checksum-validation": enabled
21/9/2012 -- 16:19:48 - <Info> - stream."inline": disabled
21/9/2012 -- 16:19:48 - <Info> - stream.reassembly "memcap": 67108864
21/9/2012 -- 16:19:48 - <Info> - stream.reassembly "depth": 1048576
21/9/2012 -- 16:19:48 - <Info> - stream.reassembly "toserver-chunk-size": 2560
21/9/2012 -- 16:19:48 - <Info> - stream.reassembly "toclient-chunk-size": 2560
[New Thread 0xb039db70 (LWP 21242)]
[New Thread 0xafb9cb70 (LWP 21243)]
21/9/2012 -- 16:19:48 - <Info> - all 7 packet processing threads, 3 management threads initialized, engine started.
21/9/2012 -- 16:19:48 - <Info> - AF_PACKET RX Ring params: block_size=32768 block_nr=103 frame_size=1584 frame_nr=2060
21/9/2012 -- 16:19:48 - <Info> - Using interface 'eth1' via socket 9
21/9/2012 -- 16:19:48 - <Info> - All AFP capture threads are running.
21/9/2012 -- 16:19:48 - <Info> - Thread RxAFP1 using socket 9

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb2bbbb70 (LWP 21238)]
0x0818754c in TCPCalculateChecksum (tv=0xba7fac8, p=0xaedcb138, data=0xadba4b8, pq=0xabf17e8, postpq=0xabf183c)
    at decode-tcp.h:199
199            csum += pkt[0] + pkt[1] + pkt[2] + pkt[3] + pkt[4] + pkt[5] + pkt[6] +

Kernel log:

Sep 21 16:17:35 qleids01 kernel: [22136849.928496] Detect4[17635]: segfault at aeb7f000 ip 0818757c sp b239da10 error 4 in suricata[8048000+19f000]


Subtasks 2 (0 open2 closed)

Bug #586: harden http_header codeClosedAnoop Saldanha10/04/201210/11/2012Actions
Bug #587: make libhtp survive OOM conditionsClosedVictor Julien10/04/2012Actions
Actions

Also available in: Atom PDF