Project

General

Profile

Actions
Copy link

Bug #2144

closed

rust: panic in dns/tcp

Added by Victor Julien almost 7 years ago. Updated almost 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
4.0rc1
Affected Versions:
Effort:
Difficulty:
Label:

Description

#0  0x0000000000a2b3ad in rust_panic ()
#1  0x0000000000a12d83 in sys_common::unwind::begin_unwind_inner::hd4253a1812044857bct ()
#2  0x0000000000a136e9 in sys_common::unwind::begin_unwind_fmt::h281339998baa4cbdhbt ()
#3  0x0000000000a41262 in rust_begin_unwind ()
#4  0x0000000000a57320 in panicking::panic_fmt::h0d7335d3d6686f32zYL ()
#5  0x0000000000a57e19 in panicking::panic::h64c7ea62c5c222316WL ()
#6  0x00000000009e42d5 in suricata::vec::Vec<T>::drain<core::ops::Range<usize>> (
    self=<optimized out>, range=...) at <core macros>:4
#7  suricata::dns::dns::DNSState::parse_response_tcp (self=<optimized out>, input=...)
    at src/dns/dns.rs:527
#8  0x00000000004b4503 in RustDNSTCPParseResponse (f=0x612000fd5f40, state=0x60b000332c90, 
    pstate=0x604002224110, input=0x61d000129880 "\005\237\302Ѐ\020", input_len=1440, 
    local_data=0x0) at app-layer-dns-tcp-rust.c:49
#9  0x00000000004e4b6c in AppLayerParserParse (tv=0x61200004c3c0, alp_tctx=0x6180000af880, 
    f=0x612000fd5f40, alproto=13, flags=9 '\t', input=0x61d000129880 "\005\237\302Ѐ\020", 
    input_len=1440) at app-layer-parser.c:1052
#10 0x000000000042c76b in TCPProtoDetect (tv=0x61200004c3c0, ra_ctx=0x60300007df80, 
    app_tctx=0x6020000afdb0, p=0x61e0001f0880, f=0x612000fd5f40, ssn=0x6120001bd540, 
    stream=0x6120001bd550, data=0x61d000129880 "\005\237\302Ѐ\020", data_len=1440, 
    flags=9 '\t') at app-layer.c:421

I was not able to capture more info at this time.
Actions
Copy link
 #1

Updated by Victor Julien almost 7 years ago

Another:

#0  0x0000000000a3275d in rust_panic ()
#1  0x0000000000a1a133 in sys_common::unwind::begin_unwind_inner::hd4253a1812044857bct ()
#2  0x0000000000a1aa99 in sys_common::unwind::begin_unwind_fmt::h281339998baa4cbdhbt ()
#3  0x0000000000a48612 in rust_begin_unwind ()
#4  0x0000000000a5e6d0 in panicking::panic_fmt::h0d7335d3d6686f32zYL ()
#5  0x0000000000a5f1c9 in panicking::panic::h64c7ea62c5c222316WL ()
#6  0x00000000009e60d5 in suricata::vec::Vec<T>::drain<core::ops::Range<usize>> (self=<optimized out>, range=...) at <core macros>:4
#7  suricata::dns::dns::DNSState::parse_response_tcp (self=<optimized out>, input=...) at src/dns/dns.rs:527
#8  0x00000000004b4503 in RustDNSTCPParseResponse (f=0x612001312e40, state=0x60b00046ab20, pstate=0x604002a7c2d0, input=0x61d000351680 "\005\237|\231\200\020", input_len=1440, local_data=0x0)
    at app-layer-dns-tcp-rust.c:49
#9  0x00000000004e4b6c in AppLayerParserParse (tv=0x61200004c6c0, alp_tctx=0x61800009f880, f=0x612001312e40, alproto=13, flags=9 '\t', input=0x61d000351680 "\005\237|\231\200\020", 
    input_len=1440) at app-layer-parser.c:1053
#10 0x000000000042c76b in TCPProtoDetect (tv=0x61200004c6c0, ra_ctx=0x60300005ff80, app_tctx=0x6020000b4db0, p=0x61e0000c9c80, f=0x612001312e40, ssn=0x6120007b1fc0, stream=0x6120007b1fd0, 
    data=0x61d000351680 "\005\237|\231\200\020", data_len=1440, flags=9 '\t') at app-layer.c:421
#11 0x000000000042ceac in AppLayerHandleTCPData (tv=0x61200004c6c0, ra_ctx=0x60300005ff80, p=0x61e0000c9c80, f=0x612001312e40, ssn=0x6120007b1fc0, stream=0x6120007b1fd0, 
    data=0x61d000351680 "\005\237|\231\200\020", data_len=1440, flags=9 '\t') at app-layer.c:561
#12 0x0000000000857b9d in ReassembleUpdateAppLayer (tv=0x61200004c6c0, ra_ctx=0x60300005ff80, ssn=0x6120007b1fc0, stream=0x6120007b1fd0, p=0x61e0000c9c80, dir=UPDATE_DIR_PACKET)
    at stream-tcp-reassemble.c:1030
#13 0x0000000000857fd0 in StreamTcpReassembleAppLayer (tv=0x61200004c6c0, ra_ctx=0x60300005ff80, ssn=0x6120007b1fc0, stream=0x6120007b1fd0, p=0x61e0000c9c80, dir=UPDATE_DIR_PACKET)
    at stream-tcp-reassemble.c:1102
#14 0x000000000085afb2 in StreamTcpReassembleHandleSegment (tv=0x61200004c6c0, ra_ctx=0x60300005ff80, ssn=0x6120007b1fc0, stream=0x6120007b1fd0, p=0x61e0000c9c80, pq=0x60e000068e88)
    at stream-tcp-reassemble.c:1718
#15 0x0000000000826bff in HandleEstablishedPacketToClient (tv=0x61200004c6c0, ssn=0x6120007b1fc0, p=0x61e0000c9c80, stt=0x60e000068e80, pq=0x60e000068e88) at stream-tcp.c:2263
#16 0x0000000000829433 in StreamTcpPacketStateEstablished (tv=0x61200004c6c0, p=0x61e0000c9c80, stt=0x60e000068e80, ssn=0x6120007b1fc0, pq=0x60e000068e88) at stream-tcp.c:2504
#17 0x0000000000844c82 in StreamTcpPacket (tv=0x61200004c6c0, p=0x61e0000c9c80, stt=0x60e000068e80, pq=0x60d0000bc790) at stream-tcp.c:4550
#18 0x000000000084678e in StreamTcp (tv=0x61200004c6c0, p=0x61e0000c9c80, data=0x60e000068e80, pq=0x60d0000bc790, postpq=0x0) at stream-tcp.c:4914
#19 0x00000000006f559e in FlowWorker (tv=0x61200004c6c0, p=0x61e0000c9c80, data=0x60d0000bc770, preq=0x61200004c580, unused=0x61200004c5f0) at flow-worker.c:215
#20 0x0000000000875a8b in TmThreadsSlotVarRun (tv=0x61200004c6c0, p=0x61e0000c9c80, slot=0x61200004c540) at tm-threads.c:128
#21 0x0000000000877926 in TmThreadsSlotVar (td=0x61200004c6c0) at tm-threads.c:585
#22 0x00007ffff502f6ba in start_thread (arg=0x7fffefa6f700) at pthread_create.c:333
#23 0x00007ffff3f8d82d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
(gdb) f 7
#7  suricata::dns::dns::DNSState::parse_response_tcp (self=<optimized out>, input=...) at src/dns/dns.rs:527
527                 let msg: Vec<u8> = self.response_buffer.drain(0..(size + 2))
(gdb) print *self
value has been optimized out
(gdb) print *self.response_buffer 
value has been optimized out
(gdb) print size
$1 = <optimized out>

Actions
Copy link
 #2

Updated by Victor Julien almost 7 years ago

  • Status changed from Assigned to Closed
  • Priority changed from High to Normal
  • Target version changed from 70 to 4.0rc1
Actions
Copy link

Also available in: Atom PDF