Bug #183
closed — segv inside of ThresholdTimeoutRemove()
Description
This bug is somewhat hard to reproduce, and the pcap is hard to trim because the crash is threshold-related. Contact me for the pcap download.
(gdb) bt full
#0 0x080846e0 in ThresholdTimeoutRemove (de_ctx=0x8e3bd20, tv=0x8ad6aec) at detect-engine-threshold.c:180
tsh = 0xabff7fd8
next = 0xa48c9bc0
buck = 0xabff7f90
#1 0x08085590 in PacketAlertThreshold (de_ctx=0x8e3bd20, det_ctx=0xcb08bb0, td=0x9baf110, p=0x8ad6ab8, s=0x9baff50) at detect-engine-threshold.c:553
ret = 0
lookup_tsh = 0xad0f7f90
ste = {tv_timeout = 4, seconds = 60, sid = 2001579, tv_sec1 = 52136, current_count = 3048655784, addr = {family = 2 '\002', address = {address_un_data32 = {4150591242, 0, 0, 0}, address_un_data16 = {65290, 63332, 0, 0, 0, 0, 0,
0}, address_un_data8 = "\n\377d\367", '\000' <repeats 11 times>}}, gid = 0 '\000', ipv = 4 '\004', track = 2 '\002'}
#2 0x0808450f in PacketAlertHandle (de_ctx=0x8e3bd20, det_ctx=0xcb08bb0, s=0x9baff50, p=0x8ad6ab8, pos=0) at detect-engine-threshold.c:79
ret = 0
td = 0x9baf110
#3 0x0807b908 in PacketAlertFinalize (de_ctx=0x8e3bd20, det_ctx=0xcb08bb0, p=0x8ad6ab8) at detect-engine-alert.c:154
res = 163184779
i = 0
s = 0x9baff50
#4 0x08074450 in SigMatchSignatures (th_v=0xb5b6cab8, de_ctx=0x8e3bd20, det_ctx=0xcb08bb0, p=0x8ad6ab8) at detect.c:934
match = 1
fmatch = 1
s = 0xc90e750
sm = 0x0
idx = 773
alproto = 0
alstate = 0x0
flags = 32 ' '
cnt = 0
sgh = 0x0
use_flow_sgh = 0 '\000'
smsg = 0x0
no_store_flow_sgh = 0 '\000'
de_state_start = 1 '\001'
#5 0x0807467d in Detect (tv=0xb5b6cab8, p=0x8ad6ab8, data=0xcb08bb0, pq=0xb5b6cb50, postpq=0xb5b6cba8) at detect.c:1007
det_ctx = 0xcb08bb0
de_ctx = 0x8e3bd20
r = 4
#6 0x0810e94b in TmThreadsSlot1 (td=0xb5b6cab8) at tm-threads.c:406
tv = 0xb5b6cab8
s = 0xb5b6cb38
p = 0x8ad6ab8
run = 1 '\001'
r = TM_ECODE_OK
#7 0xb774396e in start_thread (arg=0xb28fcb70) at pthread_create.c:300
res = <value optimized out>
__ignore1 = <value optimized out>
__ignore2 = <value optimized out>
pd = 0xb28fcb70
now = <value optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {-1217052684, 0, 4001536, -1299200920, -2052862496, 1918284267}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
freesize = <value optimized out>
__PRETTY_FUNCTION__ = "start_thread"
#8 0xb7661a4e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
No locals.