Project

General

Profile

Actions
Copy link

Bug #103

closed

valgrind report errors with pppoe decoder unittests on 64 bits

Added by Pablo Rincon about 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Pablo Rincon
Target version:
0.8.2
Affected Versions:
Effort:
Difficulty:
Label:

Description

  1. file .libs/suricata
    .libs/suricata: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, not stripped
  1. valgrind --log-file=vgerr.txt --num-callers=40 --show-reachable=yes v --trace-children=yes --track-origins=yes ./suricata -u
    ...
    17361 Conditional jump or move depends on uninitialised value(s)
    17361 at 0x412F77: DecodePPPOEDiscovery (decode-pppoe.c:81)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    17361
    17361 Conditional jump or move depends on uninitialised value(s)
    17361 at 0x412F86: DecodePPPOEDiscovery (decode-pppoe.c:87)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    17361
    17361 Conditional jump or move depends on uninitialised value(s)
    17361 at 0x412F9C: DecodePPPOEDiscovery (decode-pppoe.c:74)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    17361
    17361 Conditional jump or move depends on uninitialised value(s)
    17361 at 0x412FA7: DecodePPPOEDiscovery (decode-pppoe.c:74)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    17361
    17361 Use of uninitialised value of size 8
    17361 at 0x412F40: DecodePPPOEDiscovery (decode-pppoe.c:76)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    --17361-     REDIR: 0x5d47fb0 (unsetenv) redirected to 0x4c29220 (unsetenv)
    --17361-- REDIR: 0x5d48490 (setenv) redirected to 0x4c292b0 (setenv)
    --17361-- Discarding syms at 0x11086020-0x1108dc48 in /lib/libnss_files-2.9.so due to munmap()
    17361
    17361 ERROR SUMMARY: 38 errors from 5 contexts (suppressed: 27 from 4)
    17361
    17361 7 errors in context 1 of 5:
    17361 Use of uninitialised value of size 8
    17361 at 0x412F40: DecodePPPOEDiscovery (decode-pppoe.c:76)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    17361
    17361 7 errors in context 2 of 5:
    17361 Conditional jump or move depends on uninitialised value(s)
    17361 at 0x412FA7: DecodePPPOEDiscovery (decode-pppoe.c:74)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    17361
    17361 8 errors in context 3 of 5:
    17361 Conditional jump or move depends on uninitialised value(s)
    17361 at 0x412F9C: DecodePPPOEDiscovery (decode-pppoe.c:74)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    17361
    17361 8 errors in context 4 of 5:
    17361 Conditional jump or move depends on uninitialised value(s)
    17361 at 0x412F86: DecodePPPOEDiscovery (decode-pppoe.c:87)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    17361
    17361 8 errors in context 5 of 5:
    17361 Conditional jump or move depends on uninitialised value(s)
    17361 at 0x412F77: DecodePPPOEDiscovery (decode-pppoe.c:81)
    17361 by 0x413A0B: DecodePPPOEtest03 (decode-pppoe.c:290)
    17361 by 0x4DA16A: UtRunTests (util-unittest.c:182)
    17361 by 0x4052C5: main (suricata.c:746)
    17361 Uninitialised value was created by a stack allocation
    17361 at 0x413860: DecodePPPOEtest03 (decode-pppoe.c:271)
    --17361--
    --17361-- supp: 1 dl-hack4-64bit-addr-1
    --17361-- supp: 16 dl-hack3-cond-1
    --17361-- supp: 1 dl-hack4-64bit-addr-2
    --17361-- supp: 9 Debian libc6 (2.9.x) stripped dynamic linker
    17361
    17361 IN SUMMARY: 38 errors from 5 contexts (suppressed: 27 from 4)

Files

0001-Bug-103-bound-checks-at-pppoe-added-macros-for-4bi.patch (4.82 KB) 0001-Bug-103-bound-checks-at-pppoe-added-macros-for-4bi.patch Pablo Rincon, 03/02/2010 09:34 AM
Actions
Copy link
 #1

Updated by Pablo Rincon about 14 years ago

  • Assignee changed from OISF Dev to Pablo Rincon
Actions
Copy link
 #2

Updated by Victor Julien about 14 years ago

  • Due date set to 03/13/2010
  • Target version set to 0.8.2
  • Estimated time set to 2.00 h
Actions
Copy link
 #3

Updated by Pablo Rincon about 14 years ago

  • File 0001-Fixes-for-bug-103-created-bitmask-for-4bit-fields.patch added
  • File 0002-Adding-unittests-for-the-new-pppoe-macros.patch added
  • % Done changed from 0 to 100

Added macros for accesing 4 bit fields declaring just one shared var for version and type.
Added inbound checks at the Discovery tag loop (that was the problem of the bug, jumping out of bounds and using garbage data).
Added unittests for the version and type macros added.

Actions
Copy link
 #4

Updated by Pablo Rincon about 14 years ago

  • File deleted (0001-Fixes-for-bug-103-created-bitmask-for-4bit-fields.patch)
Actions
Copy link
 #5

Updated by Pablo Rincon about 14 years ago

  • File deleted (0002-Adding-unittests-for-the-new-pppoe-macros.patch)
Actions
Copy link
 #6

Updated by Pablo Rincon about 14 years ago

Added macros for accesing 4 bit fields declaring just one shared var for version and type.
Added inbound checks at the Discovery tag loop (that was the problem of the bug, jumping out of bounds and using garbage data).
Added unittests for the version and type macros added.

Actions
Copy link
 #7

Updated by Victor Julien about 14 years ago

  • Status changed from New to Closed

Patch applied, thanks Pablo.

Actions
Copy link

Also available in: Atom PDF