Bug #7157 (closed)

memcpy to unknown address due to CALLOC and Realloc without setting sc_errno

Added by chris tang 4 months ago. Updated 4 months ago.

Status: Rejected
Priority: Normal
Assignee: -
Target version: -
Affected Versions:
Effort:
Difficulty: high
Label: C, Needs backport to 7.0

Description

The StreamingBufferAppend and StreamingBufferAppendNoTrack logic uses sc_errno to validate the success of malloc and realloc operations. However, the malloc and realloc functions implemented at the application layer do not appear to set the sc_errno value properly upon failure. This leads to a scenario where a malloc failure results in a null pointer being returned, but the StreamingBuffer component does not account for this error condition. Consequently, the subsequent memcpy operation triggers a crash.

In our 10 Gb/s production environment, we are experiencing frequent occurrences of these crashes, and we aim to address and resolve this issue.

int StreamingBufferAppend(StreamingBuffer *sb, const StreamingBufferConfig *cfg,
        StreamingBufferSegment *seg, const uint8_t *data, uint32_t data_len)
{
    DEBUG_VALIDATE_BUG_ON(seg == NULL);

    if (sb->region.buf == NULL) {
        if (InitBuffer(sb, cfg) == -1)
            return -1;
    }
    int r = DataFits(sb, data_len);
    if (r < 0) {
        DEBUG_VALIDATE_BUG_ON(1);
        return -1;
    } else if (r == 0) {
        if (sb->region.buf_size == 0) {
            /* <----- applayer realloc did not set sc_errno value, so might be SC_OK */
            if (GrowToSize(sb, cfg, data_len) != SC_OK)
                return -1;
        } else {
            /* <----- applayer realloc did not set sc_errno value, so might be SC_OK */
            if (GrowToSize(sb, cfg, sb->region.buf_offset + data_len) != SC_OK)
                return -1;
        }
    }
    DEBUG_VALIDATE_BUG_ON(DataFits(sb, data_len) != 1);
    memcpy(sb->region.buf + sb->region.buf_offset, data, data_len);
    /* rest of the function not included in the report */
}

Here is the stack trace from the crash in the production environment (attached as an image, see Files below):
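The failure mode the report describes, modelled stand-alone as an added example. This is not Suricata's code and not the reporter's: the SCError enum, the sc_errno global, the two CALLOC-style wrappers, the Region struct and every function name are invented for the illustration. A fault-injection switch forces one allocation to fail so both grow strategies can be exercised against a wrapper that reports failure only through its return value and one that also sets sc_errno.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-alone model of the failure mode described in the report above. Nothing
 * here is Suricata code; the enum, wrappers and function names are invented. */

typedef enum { SC_OK = 0, SC_ENOMEM = 1 } SCError;
static SCError sc_errno = SC_OK;   /* errno-style global the grow code may trust */
static int fail_next_alloc = 0;    /* fault injection: next allocation fails    */

typedef void *(*AllocFn)(size_t, size_t);

/* Returns NULL on failure but never touches sc_errno: the behaviour the report
 * attributes to the app-layer CALLOC/REALLOC wrappers. */
static void *CallocNoErrno(size_t n, size_t sz) {
    if (!fail_next_alloc) return calloc(n, sz);
    fail_next_alloc = 0;
    return NULL;                   /* sc_errno deliberately left as SC_OK */
}

/* Same wrapper, but it records the failure in sc_errno before returning NULL. */
static void *CallocSetsErrno(size_t n, size_t sz) {
    if (!fail_next_alloc) return calloc(n, sz);
    fail_next_alloc = 0;
    sc_errno = SC_ENOMEM;
    return NULL;
}

typedef struct { uint8_t *buf; uint32_t buf_size; uint32_t buf_offset; } Region;
typedef SCError (*GrowFn)(Region *, uint32_t, AllocFn);

/* Grow pattern A: decides success from sc_errno alone. With CallocNoErrno it
 * reports SC_OK while leaving r->buf == NULL. */
static SCError GrowTrustingErrno(Region *r, uint32_t size, AllocFn alloc) {
    sc_errno = SC_OK;
    uint8_t *p = alloc(1, size);
    if (sc_errno != SC_OK) return sc_errno;   /* a NULL p slips through here */
    r->buf = p; r->buf_size = size;
    return SC_OK;
}

/* Grow pattern B: checks the returned pointer, the one signal every allocator
 * is guaranteed to give, whatever any side-channel variable says. */
static SCError GrowCheckingPointer(Region *r, uint32_t size, AllocFn alloc) {
    uint8_t *p = alloc(1, size);
    if (p == NULL) return SC_ENOMEM;
    r->buf = p; r->buf_size = size;
    return SC_OK;
}

/* Mirrors the report's control flow: grow when the data does not fit, then
 * memcpy. Returns 0 on success, -1 when grow reports failure, -2 when grow
 * reported SC_OK but there is no buffer. That last state is where the posted
 * function would memcpy to NULL; the check exists only so this demonstration
 * returns instead of crashing. */
static int Append(Region *r, const uint8_t *data, uint32_t len, GrowFn grow, AllocFn alloc) {
    if (r->buf_offset + len > r->buf_size && grow(r, r->buf_offset + len, alloc) != SC_OK)
        return -1;
    if (r->buf == NULL)
        return -2;
    memcpy(r->buf + r->buf_offset, data, len);
    r->buf_offset += len;
    return 0;
}

/* Constructed sample payload standing in for an HTTP body chunk. */
static const uint8_t kPayload[] = "constructed HTTP body chunk";
#define PAYLOAD_LEN ((uint32_t)(sizeof kPayload - 1))

/* Append to a fresh region with the allocator forced to fail once. */
static int ScenarioFailedAlloc(GrowFn grow, AllocFn alloc) {
    Region r = {0};
    fail_next_alloc = 1;
    int rc = Append(&r, kPayload, PAYLOAD_LEN, grow, alloc);
    free(r.buf);
    return rc;
}

/* Append with a working allocator; 0 means the bytes landed intact. */
static int ScenarioSuccess(GrowFn grow, AllocFn alloc) {
    Region r = {0};
    fail_next_alloc = 0;
    int rc = Append(&r, kPayload, PAYLOAD_LEN, grow, alloc);
    if (rc == 0 && memcmp(r.buf, kPayload, PAYLOAD_LEN) != 0) rc = -3;
    free(r.buf);
    return rc;
}

int main(void) {
    printf("trust sc_errno + silent wrapper : %d (grow said OK, buf is NULL)\n",
           ScenarioFailedAlloc(GrowTrustingErrno, CallocNoErrno));
    printf("trust sc_errno + wrapper sets it: %d\n", ScenarioFailedAlloc(GrowTrustingErrno, CallocSetsErrno));
    printf("check pointer  + silent wrapper : %d\n", ScenarioFailedAlloc(GrowCheckingPointer, CallocNoErrno));
    printf("check pointer  + allocation ok  : %d\n", ScenarioSuccess(GrowCheckingPointer, CallocNoErrno));
    return 0;
}
```

The contrast is the whole point: the errno-trusting grow routine is only correct if every allocator wrapper it can be paired with updates sc_errno, while the pointer-checking routine is correct regardless. In the posted function the only guard between GrowToSize and the memcpy is DEBUG_VALIDATE_BUG_ON, which is a debug-validation assertion and does not stop a release build, so a grow routine that returns SC_OK with a NULL buffer reaches the memcpy.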


Files

clipboard-202407101120-ccw1m.png (10.8 MB), added by chris tang, 07/10/2024 03:20 AM

Related issues (1: 0 open, 1 closed)

Is duplicate of Suricata - Bug #6782: streaming/buffer: crash in HTTP body handling (Closed, assigned to Richard McConnell)