Project

General

Profile

Actions
Copy link

Bug #2458

closed

memleak: gitmaster - 4.1.0-dev (rev c60decd)

Added by Peter Manev about 6 years ago. Updated over 1 year ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Seeing some ftp related memleaks it seams with gitmaster - 4.1.0-dev (rev c60decd) on live traffic.

==1217==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 64 byte(s) in 2 object(s) allocated from:
    #0 0x4bfdd0 in calloc (/usr/local/bin/suricata+0x4bfdd0)
    #1 0x629872 in FTPCalloc /home/pevman/tests/git/suricata/src/app-layer-ftp.c:154:11
    #2 0x62776b in FTPParseRequest /home/pevman/tests/git/suricata/src/app-layer-ftp.c:441:51
    #3 0x6638a3 in AppLayerParserParse /home/pevman/tests/git/suricata/src/app-layer-parser.c:1142:13
    #4 0x527985 in AppLayerHandleTCPData /home/pevman/tests/git/suricata/src/app-layer.c:635:17
    #5 0xc8a52b in ReassembleUpdateAppLayer /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1063:13
    #6 0xc89397 in StreamTcpReassembleAppLayer /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1136:12
    #7 0xc8fc83 in StreamTcpReassembleHandleSegmentUpdateACK /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1685:9
    #8 0xc8f94a in StreamTcpReassembleHandleSegment /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1724:9
    #9 0xc77200 in HandleEstablishedPacketToClient /home/pevman/tests/git/suricata/src/stream-tcp.c:2360:9
    #10 0xc2af1a in StreamTcpPacketStateEstablished /home/pevman/tests/git/suricata/src/stream-tcp.c:2597:13
    #11 0xc11d22 in StreamTcpPacket /home/pevman/tests/git/suricata/src/stream-tcp.c:4643:20
    #12 0xc530ec in StreamTcp /home/pevman/tests/git/suricata/src/stream-tcp.c:5018:11
    #13 0xa15c4d in FlowWorker /home/pevman/tests/git/suricata/src/flow-worker.c:216:9
    #14 0xcc42dd in TmThreadsSlotVarRun /home/pevman/tests/git/suricata/src/tm-threads.c:145:17
    #15 0xbd15bb in TmThreadsSlotProcessPkt /home/pevman/tests/git/suricata/src/./tm-threads.h:147:9
    #16 0xbce06d in AFPParsePacketV3 /home/pevman/tests/git/suricata/src/source-af-packet.c:1116:9
    #17 0xbcc7a0 in AFPWalkBlock /home/pevman/tests/git/suricata/src/source-af-packet.c:1131:13
    #18 0xbbcc37 in AFPReadFromRingV3 /home/pevman/tests/git/suricata/src/source-af-packet.c:1170:13
    #19 0xbb969e in ReceiveAFPLoop /home/pevman/tests/git/suricata/src/source-af-packet.c:1559:17
    #20 0xcd6cee in TmThreadsSlotPktAcqLoop /home/pevman/tests/git/suricata/src/tm-threads.c:348:13
    #21 0x7fdce678d6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)

Indirect leak of 80 byte(s) in 2 object(s) allocated from:
    #0 0x4bfdd0 in calloc (/usr/local/bin/suricata+0x4bfdd0)
    #1 0x629872 in FTPCalloc /home/pevman/tests/git/suricata/src/app-layer-ftp.c:154:11
    #2 0x62783a in FTPParseRequest /home/pevman/tests/git/suricata/src/app-layer-ftp.c:446:39
    #3 0x6638a3 in AppLayerParserParse /home/pevman/tests/git/suricata/src/app-layer-parser.c:1142:13
    #4 0x527985 in AppLayerHandleTCPData /home/pevman/tests/git/suricata/src/app-layer.c:635:17
    #5 0xc8a52b in ReassembleUpdateAppLayer /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1063:13
    #6 0xc89397 in StreamTcpReassembleAppLayer /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1136:12
    #7 0xc8fc83 in StreamTcpReassembleHandleSegmentUpdateACK /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1685:9
    #8 0xc8f94a in StreamTcpReassembleHandleSegment /home/pevman/tests/git/suricata/src/stream-tcp-reassemble.c:1724:9
    #9 0xc77200 in HandleEstablishedPacketToClient /home/pevman/tests/git/suricata/src/stream-tcp.c:2360:9
    #10 0xc2af1a in StreamTcpPacketStateEstablished /home/pevman/tests/git/suricata/src/stream-tcp.c:2597:13
    #11 0xc11d22 in StreamTcpPacket /home/pevman/tests/git/suricata/src/stream-tcp.c:4643:20
    #12 0xc530ec in StreamTcp /home/pevman/tests/git/suricata/src/stream-tcp.c:5018:11
    #13 0xa15c4d in FlowWorker /home/pevman/tests/git/suricata/src/flow-worker.c:216:9
    #14 0xcc42dd in TmThreadsSlotVarRun /home/pevman/tests/git/suricata/src/tm-threads.c:145:17
    #15 0xbd15bb in TmThreadsSlotProcessPkt /home/pevman/tests/git/suricata/src/./tm-threads.h:147:9
    #16 0xbce06d in AFPParsePacketV3 /home/pevman/tests/git/suricata/src/source-af-packet.c:1116:9
    #17 0xbcc7a0 in AFPWalkBlock /home/pevman/tests/git/suricata/src/source-af-packet.c:1131:13
    #18 0xbbcc37 in AFPReadFromRingV3 /home/pevman/tests/git/suricata/src/source-af-packet.c:1170:13
    #19 0xbb969e in ReceiveAFPLoop /home/pevman/tests/git/suricata/src/source-af-packet.c:1559:17
    #20 0xcd6cee in TmThreadsSlotPktAcqLoop /home/pevman/tests/git/suricata/src/tm-threads.c:348:13
    #21 0x7fdce678d6b9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76b9)

build-info attached.

Files

build-info (3.58 KB) build-info Peter Manev, 03/19/2018 05:50 PM

Related issues 2 (0 open2 closed)

Related to Suricata - Bug #3118: asan leaks with 5.0.0-dev (9e126b210 2019-08-07)ClosedActions
Related to Suricata - Bug #3378: ftp: asan detects leaks of expectationsClosedEric LeblondActions
Actions
Copy link
 #1

Updated by Victor Julien about 6 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD

No pcap I assume?

Actions
Copy link
 #2

Updated by Peter Manev about 6 years ago

Unfortunately not. It happens on one of the live traffic test boxes and not all the time (every day).

Actions
Copy link
 #3

Updated by Eric Leblond about 6 years ago

I've tried to play my FTP pcap sample by just looking at port 21 but no leak were seen. I was expecting a potential problem with the cleaning of expectation but it does not seem to be the case.

Actions
Copy link
 #4

Updated by Alexander Gozman about 6 years ago

Eric Leblond wrote:

I've tried to play my FTP pcap sample by just looking at port 21 but no leak were seen. I was expecting a potential problem with the cleaning of expectation but it does not seem to be the case.

Could it be that AppLayerExpectationHandle() leaks memory? For instance (app-layer-expectation.c:310):

exp->data = NULL;
exp = RemoveExpectationAndGetNext(ipp, pexp, exp, lexp);
continue;

The place looks strange to me, especially when exp->data is not NULLed below when cleaning up old entries. However I don't know all the details and may be wrong.

Actions
Copy link
 #5

Updated by Victor Julien almost 5 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jeff Lucovsky
Actions
Copy link
 #6

Updated by Jeff Lucovsky almost 5 years ago

Victor Julien wrote:

Looks similar to https://github.com/OISF/suricata/pull/3827#discussion_r281012429

That was a different issue, caused by changes in the PR itself.

Actions
Copy link
 #7

Updated by Jeff Lucovsky over 4 years ago

  • Related to Bug #3118: asan leaks with 5.0.0-dev (9e126b210 2019-08-07) added
Actions
Copy link
 #8

Updated by Jeff Lucovsky over 4 years ago

  • Related to Bug #3378: ftp: asan detects leaks of expectations added
Actions
Copy link
 #9

Updated by Victor Julien almost 4 years ago

Is this still relevant? Anyone still observing it?

Actions
Copy link
 #10

Updated by Peter Manev almost 4 years ago

not me, not anymore.

Actions
Copy link
 #11

Updated by Victor Julien almost 2 years ago

  • Status changed from Assigned to Closed
  • Assignee deleted (Jeff Lucovsky)
  • Target version deleted (TBD)
Actions
Copy link
 #12

Updated by Victor Julien over 1 year ago

  • Status changed from Closed to Rejected

Duplicate of #3455

Actions
Copy link

Also available in: Atom PDF