Bug #740

closed

Seg fault processing pcaps from UNIX socket

Added by Felix Ingram almost 12 years ago. Updated almost 12 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Affected Versions:
Effort:
Difficulty:
Label:

Description

I cannot share the pcap that caused the issue (if only because I have no idea which one it was). GDB backtrace and --build-info below.

warning: Can't read pathname for load map: Input/output error.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `suricata -c configs/suricata/suricata.yaml --unix-socket'.
Program terminated with signal 11, Segmentation fault.
#0  0x00000000004868b1 in SigMatchSignatures ()
(gdb) backtrace
#0  0x00000000004868b1 in SigMatchSignatures ()
#1  0x0000000000487782 in Detect ()
#2  0x00000000005b5132 in TmThreadsSlotVarRun ()
#3  0x00000000005b612b in TmThreadsSlotVar ()
#4  0x00007f9f2fb11e9a in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#5  0x00007f9f2f3e0cbd in clone () from /lib/x86_64-linux-gnu/libc.so.6
#6  0x0000000000000000 in ?? ()
(gdb)

/nsm$ suricata --build-info
30/1/2013 -- 11:31:52 - <Info> - This is Suricata version 1.4 RELEASE
30/1/2013 -- 11:31:52 - <Info> - Features: PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT HAVE_HTP_URI_NORMALIZE_HOOK HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW
30/1/2013 -- 11:31:52 - <Info> - 64-bits, Little-endian architecture
30/1/2013 -- 11:31:52 - <Info> - GCC version 4.6.3, C version 199901
30/1/2013 -- 11:31:52 - <Info> - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_1
30/1/2013 -- 11:31:52 - <Info> - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_2
30/1/2013 -- 11:31:52 - <Info> - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_4
30/1/2013 -- 11:31:52 - <Info> - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_8
30/1/2013 -- 11:31:52 - <Info> - __GCC_HAVE_SYNC_COMPARE_AND_SWAP_16
30/1/2013 -- 11:31:52 - <Info> - compiled with -fstack-protector
30/1/2013 -- 11:31:52 - <Info> - compiled with _FORTIFY_SOURCE=2
30/1/2013 -- 11:31:52 - <Info> - compiled with libhtp 0.2.11, linked against 0.2.11

I've not used any custom rules, just a fairly up-to-date version of the standard rule set.
