Bug #187
closedsegv inside of DetectSeqMatch() when processing the attached pcap and rule.
Description
ulimit -c unlimited; src/suricata -c suricata.yaml -r ./suricata41.pcap-fuzz-2010-06-24-00-39-59 -l ./ -s blah.rules
...
Segmentation fault (core dumped)
#0 0x00000000004564d4 in DetectSeqMatch (t=0xf4aa450, det_ctx=0xf4b8a70, p=0xeea2600, s=0xf759b70, m=0xf75a540) at detect-seq.c:79
79 return (data->seq == TCP_GET_SEQ(p)) ? 1 : 0;
(gdb) bt full
#0 0x00000000004564d4 in DetectSeqMatch (t=0xf4aa450, det_ctx=0xf4b8a70, p=0xeea2600, s=0xf759b70, m=0xf75a540) at detect-seq.c:79
data = 0xf75a320
#1 0x000000000042abfa in SigMatchSignatures (th_v=0xf4aa450, de_ctx=0xf499c70, det_ctx=0xf4b8a70, p=0xeea2600) at detect.c:892
match = 0
fmatch = 0
s = 0xf759b70
sm = 0xf75a540
idx = 0
alproto = 0
alstate = 0x0
flags = 0 '\000'
cnt = 0
sgh = 0x0
use_flow_sgh = 0 '\000'
smsg = 0x0
no_store_flow_sgh = 0 '\000'
de_state_start = 1 '\001'
#2 0x000000000042afb9 in Detect (tv=0xf4aa450, p=0xeea2600, data=0xf4b8a70, pq=0xf4aa560, postpq=0xf4aa5d8) at detect.c:1008
det_ctx = 0xf4b8a70
de_ctx = 0xf499c70
r = 0
#3 0x00000000004c2de4 in TmThreadsSlot1 (td=0xf4aa450) at tm-threads.c:406
tv = 0xf4aa450
s = 0xf4aa530
p = 0xeea2600
run = 1 '\001'
r = TM_ECODE_OK
#4 0x00002abd6452373d in start_thread () from /lib64/libpthread.so.0
No symbol table info available.
#5 0x00002abd64c46d1d in clone () from /lib64/libc.so.6
No symbol table info available.
Files
Updated by Victor Julien over 14 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Caused by not strict enough packet cleanup before reuse. This meant it could thing a packet was tcp while it wasn't. Fixed.