Bug #2074

closed

detect msg: memory leak

Added by Victor Julien about 7 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal

Description

Direct leak of 49 byte(s) in 1 object(s) allocated from:
    #0 0x7f3979bc2602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x67c57e in DetectMsgSetup /home/victor/dev/suricata/src/detect-msg.c:127
    #2 0x683afc in SigParseOptions /home/victor/dev/suricata/src/detect-parse.c:704
    #3 0x6854bd in SigParse /home/victor/dev/suricata/src/detect-parse.c:1027
    #4 0x68bc3b in SigInitHelper /home/victor/dev/suricata/src/detect-parse.c:1567
    #5 0x68c3ea in SigInit /home/victor/dev/suricata/src/detect-parse.c:1661
    #6 0x68da84 in DetectEngineAppendSig /home/victor/dev/suricata/src/detect-parse.c:1928
    #7 0x570ba7 in DetectLoadSigFile /home/victor/dev/suricata/src/detect.c:350
    #8 0x57176d in ProcessSigFiles /home/victor/dev/suricata/src/detect.c:415
    #9 0x571e7d in SigLoadSignatures /home/victor/dev/suricata/src/detect.c:475
    #10 0x5d6565 in DetectEngineReload /home/victor/dev/suricata/src/detect-engine.c:2831
    #11 0x8670a1 in PostRunStartedDetectSetup /home/victor/dev/suricata/src/suricata.c:2474
    #12 0x86982c in main /home/victor/dev/suricata/src/suricata.c:2860
    #13 0x7f397728a82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Actions #1

Updated by Andreas Herz almost 7 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions #2

Updated by Victor Julien almost 7 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Andreas Herz
  • Target version changed from TBD to 70
Actions #3

Updated by Andreas Herz almost 7 years ago

Could you tell me what compile options you used and what version of gcc?

I also saw the commit https://github.com/inliniac/suricata/commit/342059835fe7ec0079ac91a152a0abab516b184f, so I will try runs with that and without it.

Actions #4

Updated by Victor Julien almost 7 years ago

alert tcp any any -> any any (msg:"1"; msg:"2"; sid:1;)
LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_OPTIONS="detect_leaks=1 symbolize=1 external_symbolizer_path=/usr/lib/llvm-3.8/bin/llvm-symbolizer" ./src/suricata -l tmp/ -S msg.rules  -T
[23108] 5/5/2017 -- 13:27:49 - (suricata.c:1842) <Info> (ParseCommandLine) -- Running suricata under test mode
[23108] 5/5/2017 -- 13:27:49 - (suricata.c:1100) <Notice> (LogVersion) -- This is Suricata version 4.0dev (rev 2620757)
[23108] 5/5/2017 -- 13:27:49 - (util-file.c:166) <Warning> (FileForceHashParseCfg) -- [ERRCODE: SC_ERR_DEPRECATED_CONF(274)] - deprecated 'force-md5' option found. Please use 'force-hash: [md5]' instead
[23108] 5/5/2017 -- 13:27:49 - (suricata.c:2841) <Notice> (main) -- Configuration provided was successfully loaded. Exiting.

=================================================================
==23108==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 2 byte(s) in 1 object(s) allocated from:
    #0 0x4599c0 in __interceptor_strdup (/home/victor/sync/devel/eidps/src/suricata+0x4599c0)
    #1 0x133b58d in DetectMsgSetup /home/victor/sync/devel/eidps/src/detect-msg.c:106:14
    #2 0x134a639 in SigParseOptions /home/victor/sync/devel/eidps/src/detect-parse.c:764:13
    #3 0x13472cf in SigParse /home/victor/sync/devel/eidps/src/detect-parse.c:1095:19
    #4 0x13507cf in SigInitHelper /home/victor/sync/devel/eidps/src/detect-parse.c:1635:9
    #5 0x134fe70 in SigInit /home/victor/sync/devel/eidps/src/detect-parse.c:1729:16
    #6 0x1351ece in DetectEngineAppendSig /home/victor/sync/devel/eidps/src/detect-parse.c:1996:22
    #7 0xbe5b36 in DetectLoadSigFile /home/victor/sync/devel/eidps/src/detect.c:352:15
    #8 0xb4f137 in ProcessSigFiles /home/victor/sync/devel/eidps/src/detect.c:417:13
    #9 0xb4d412 in SigLoadSignatures /home/victor/sync/devel/eidps/src/detect.c:496:15
    #10 0x199c002 in LoadSignatures /home/victor/sync/devel/eidps/src/suricata.c:2391:9
    #11 0x1992802 in PostConfLoadedDetectSetup /home/victor/sync/devel/eidps/src/suricata.c:2522:17
    #12 0x197b8a9 in main /home/victor/sync/devel/eidps/src/suricata.c:2835:5
    #13 0x7fa8b067682f in __libc_start_main /build/glibc-9tT8Do/glibc-2.23/csu/../csu/libc-start.c:291

SUMMARY: AddressSanitizer: 2 byte(s) leaked in 1 allocation(s).
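
The reproducer above suggests the pattern behind the leak: with two msg options in one rule, the string duplicated for the first is no longer referenced once the second is parsed. The following C sketch is an added illustration, not Suricata's code and not part of the original thread; `Rule`, `msg_setup_leaky`, `msg_setup_strict` and the tracking helpers are hypothetical names, and rejecting the duplicate is an assumed hardening rather than the project's documented fix.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed rule; not Suricata's Signature struct. */
typedef struct { char *msg; } Rule;
/* Demo-only allocation table so lost blocks can be counted and reclaimed. */
#define SLOTS 4
static char *slots[SLOTS]; static int used;

static char *dup_tracked(const char *s) {
    char *p = (used < SLOTS) ? malloc(strlen(s) + 1) : NULL;
    if (p != NULL) { strcpy(p, s); slots[used++] = p; }
    return p;
}

/* Frees every tracked block; returns how many the rule no longer points to. */
static int reap(const char *owned) {
    int lost = 0;
    for (int i = 0; i < used; i++) { lost += (slots[i] != owned); free(slots[i]); }
    used = 0;
    return lost;
}

/* Leaky pattern: a second msg overwrites the pointer stored by the first. */
static int msg_setup_leaky(Rule *r, const char *value) {
    r->msg = dup_tracked(value);
    return r->msg != NULL ? 0 : -1;
}

/* Hardened pattern: a duplicate msg is rejected before anything is allocated. */
static int msg_setup_strict(Rule *r, const char *value) {
    if (r->msg != NULL) return -1;
    r->msg = dup_tracked(value);
    return r->msg != NULL ? 0 : -1;
}

/* Applies the options of msg:"1"; msg:"2"; and reports blocks left unowned. */
static int lost_blocks(int (*setup)(Rule *, const char *)) {
    Rule r = { NULL };
    setup(&r, "1");
    setup(&r, "2");
    return reap(r.msg);
}

int main(void) {
    printf("leaky:  %d block(s) lost\n", lost_blocks(msg_setup_leaky));
    printf("strict: %d block(s) lost\n", lost_blocks(msg_setup_strict));
    return 0;
}
```

The one block lost by the leaky variant holds the string "1" plus its terminator, which matches the 2-byte size LeakSanitizer reports for the `strdup` call.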
Actions #5

Updated by Victor Julien almost 7 years ago

Looks like etpro had a rule that triggered this, but not anymore.

Actions #6

Updated by Victor Julien over 6 years ago

  • Status changed from Assigned to Closed
  • Target version changed from 70 to 4.0.1