================================================================= AddressSanitizer: heap-buffer-overflow on address 0x61d00786ac80 at pc 0x7f2d377289ef bp 0x7f2d2ef525d0 sp 0x7f2d2ef51d90 WRITE of size 16294 at 0x61d00786ac80 thread T1 (W#01-eth1) #0 0x7f2d377289ee in __interceptor_memcpy (/lib64/libasan.so.8+0x6e9ee) (BuildId: 2b657470ea196ba4342e3bd8a3cc138b1e200599) #1 0x7b66ba in StreamingBufferAppend (/usr/sbin/suricata+0x7b66ba) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #2 0x7f15c6 in HtpBodyAppendChunk (/usr/sbin/suricata+0x7f15c6) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #3 0x576e5b in HTPCallbackResponseBodyData (/usr/sbin/suricata+0x576e5b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #4 0x7f2d37676e43 in htp_hook_run_all (/lib64/libhtp.so.2+0x1ae43) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd) #5 0x7f2d3769123d in htp_tx_res_process_body_data_ex (/lib64/libhtp.so.2+0x3523d) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd) #6 0x7f2d37688172 in htp_connp_RES_LINE (/lib64/libhtp.so.2+0x2c172) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd) #7 0x7f2d3768acb4 in htp_connp_res_data (/lib64/libhtp.so.2+0x2ecb4) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd) #8 0x57d580 in HTPHandleResponseData (/usr/sbin/suricata+0x57d580) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #9 0x58ac7b in AppLayerParserParse (/usr/sbin/suricata+0x58ac7b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #10 0x5622f3 in AppLayerHandleTCPData (/usr/sbin/suricata+0x5622f3) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #11 0x7685a8 in ReassembleUpdateAppLayer (/usr/sbin/suricata+0x7685a8) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #12 0x76b81a in StreamTcpReassembleAppLayer (/usr/sbin/suricata+0x76b81a) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #13 0x76b949 in StreamTcpReassembleHandleSegmentUpdateACK (/usr/sbin/suricata+0x76b949) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #14 0x76cf43 in StreamTcpReassembleHandleSegment (/usr/sbin/suricata+0x76cf43) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #15 0x747d91 in HandleEstablishedPacketToServer (/usr/sbin/suricata+0x747d91) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #16 0x74ad9c in StreamTcpPacketStateEstablished (/usr/sbin/suricata+0x74ad9c) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #17 0x75c531 in StreamTcpStateDispatch (/usr/sbin/suricata+0x75c531) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #18 0x75cfb1 in StreamTcpPacket (/usr/sbin/suricata+0x75cfb1) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #19 0x75d592 in StreamTcp (/usr/sbin/suricata+0x75d592) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #20 0x6c82e2 in FlowWorkerStreamTCPUpdate (/usr/sbin/suricata+0x6c82e2) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #21 0x6c98d4 in FlowWorker (/usr/sbin/suricata+0x6c98d4) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #22 0x5297fa in TmThreadsSlotVarRun (/usr/sbin/suricata+0x5297fa) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #23 0x71f73c in TmThreadsSlotProcessPkt (/usr/sbin/suricata+0x71f73c) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #24 0x71fd20 in AFPParsePacketV3 (/usr/sbin/suricata+0x71fd20) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #25 0x71ff57 in AFPWalkBlock (/usr/sbin/suricata+0x71ff57) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #26 0x720112 in AFPReadFromRingV3 (/usr/sbin/suricata+0x720112) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #27 0x72678a in ReceiveAFPLoop (/usr/sbin/suricata+0x72678a) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #28 0x52c8e6 in TmThreadsSlotPktAcqLoop (/usr/sbin/suricata+0x52c8e6) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #29 0x7f2d36f5f896 in start_thread (/lib64/libc.so.6+0x8e896) (BuildId: e0b579ca7024cf12a2686b60cf49d1d9e3ff6273) #30 0x7f2d36fe68c3 in __clone (/lib64/libc.so.6+0x1158c3) (BuildId: e0b579ca7024cf12a2686b60cf49d1d9e3ff6273) 0x61d00786ac80 is located 0 bytes after 2048-byte region [0x61d00786a480,0x61d00786ac80) allocated by thread T1 (W#01-eth1) here: #0 0x7f2d37792cc7 in calloc (/lib64/libasan.so.8+0xd8cc7) (BuildId: 2b657470ea196ba4342e3bd8a3cc138b1e200599) #1 0x545a6e in SCCallocFunc (/usr/sbin/suricata+0x545a6e) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #2 0x58096e in HTPCalloc (/usr/sbin/suricata+0x58096e) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #3 0x7ad51b in InitBuffer (/usr/sbin/suricata+0x7ad51b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #4 0x7b60b2 in StreamingBufferInit (/usr/sbin/suricata+0x7b60b2) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #5 0x7f169d in HtpBodyAppendChunk (/usr/sbin/suricata+0x7f169d) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #6 0x576e5b in HTPCallbackResponseBodyData (/usr/sbin/suricata+0x576e5b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #7 0x7f2d37676e43 in htp_hook_run_all (/lib64/libhtp.so.2+0x1ae43) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd) #8 0x7f2d3769123d in htp_tx_res_process_body_data_ex (/lib64/libhtp.so.2+0x3523d) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd) #9 0x7f2d37688172 in htp_connp_RES_LINE (/lib64/libhtp.so.2+0x2c172) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd) #10 0x7f2d3768acb4 in htp_connp_res_data (/lib64/libhtp.so.2+0x2ecb4) (BuildId: a46e2bce04337936562470fc9167ed844b1dfacd) #11 0x57d580 in HTPHandleResponseData (/usr/sbin/suricata+0x57d580) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #12 0x58ac7b in AppLayerParserParse (/usr/sbin/suricata+0x58ac7b) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #13 0x5622f3 in AppLayerHandleTCPData (/usr/sbin/suricata+0x5622f3) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #14 0x7685a8 in ReassembleUpdateAppLayer (/usr/sbin/suricata+0x7685a8) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #15 0x76b81a in StreamTcpReassembleAppLayer (/usr/sbin/suricata+0x76b81a) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #16 0x76b949 in StreamTcpReassembleHandleSegmentUpdateACK (/usr/sbin/suricata+0x76b949) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #17 0x76cf43 in StreamTcpReassembleHandleSegment (/usr/sbin/suricata+0x76cf43) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #18 0x747d91 in HandleEstablishedPacketToServer (/usr/sbin/suricata+0x747d91) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #19 0x74ad9c in StreamTcpPacketStateEstablished (/usr/sbin/suricata+0x74ad9c) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #20 0x75c531 in StreamTcpStateDispatch (/usr/sbin/suricata+0x75c531) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #21 0x75cfb1 in StreamTcpPacket (/usr/sbin/suricata+0x75cfb1) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #22 0x75d592 in StreamTcp (/usr/sbin/suricata+0x75d592) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #23 0x6c82e2 in FlowWorkerStreamTCPUpdate (/usr/sbin/suricata+0x6c82e2) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #24 0x6c98d4 in FlowWorker (/usr/sbin/suricata+0x6c98d4) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #25 0x5297fa in TmThreadsSlotVarRun (/usr/sbin/suricata+0x5297fa) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #26 0x71f73c in TmThreadsSlotProcessPkt (/usr/sbin/suricata+0x71f73c) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #27 0x71fd20 in AFPParsePacketV3 (/usr/sbin/suricata+0x71fd20) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #28 0x71ff57 in AFPWalkBlock (/usr/sbin/suricata+0x71ff57) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #29 0x720112 in AFPReadFromRingV3 (/usr/sbin/suricata+0x720112) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) Thread T1 (W#01-eth1) created by T0 (Suricata-Main) here: #0 0x7f2d37702956 in pthread_create (/lib64/libasan.so.8+0x48956) (BuildId: 2b657470ea196ba4342e3bd8a3cc138b1e200599) #1 0x52d621 in TmThreadSpawn (/usr/sbin/suricata+0x52d621) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #2 0x852ff1 in RunModeSetLiveCaptureWorkersForDevice (/usr/sbin/suricata+0x852ff1) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #3 0x85410f in RunModeSetLiveCaptureWorkers (/usr/sbin/suricata+0x85410f) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #4 0x84d235 in RunModeIdsAFPWorkers (/usr/sbin/suricata+0x84d235) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #5 0x71c2ec in RunModeDispatch (/usr/sbin/suricata+0x71c2ec) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #6 0x526537 in SuricataMain (/usr/sbin/suricata+0x526537) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #7 0x51c7e2 in main (/usr/sbin/suricata+0x51c7e2) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) #8 0x7f2d36ef9149 in __libc_start_call_main (/lib64/libc.so.6+0x28149) (BuildId: e0b579ca7024cf12a2686b60cf49d1d9e3ff6273) #9 0x7f2d36ef920a in __libc_start_main_impl (/lib64/libc.so.6+0x2820a) (BuildId: e0b579ca7024cf12a2686b60cf49d1d9e3ff6273) #10 0x51c714 in _start (/usr/sbin/suricata+0x51c714) (BuildId: b8959cd17c001b271410f82351cc1f4115f21705) AddressSanitizer: heap-buffer-overflow (/lib64/libasan.so.8+0x6e9ee) (BuildId: 2b657470ea196ba4342e3bd8a3cc138b1e200599) in __interceptor_memcpy Shadow bytes around the buggy address: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =>0x61d00786ac80:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==54==ABORTING