Bug #4568
closed
Double free in suricata-5.0.3
Description
We have implemented a fiberblaze interface to read packets in Suricata.
The read loop looks like:
{
    // Read packet from fiberblaze
    PacketGetFromQueueOrAlloc()
    PacketSetData
    TmThreadsSlotProcessPkt
    StatsSyncCountersIfSignalled
    PacketFreeOrRelease
}
There is nothing under thread deinit.
We are seeing a double free being reported in the logs when Suricata is stopped.
Jul 23 09:38:37 u4 suricata: 23/7/2021 - 09:38:37 - <Notice> - Signal Received. Stopping engine.
Jul 23 09:38:38 -u4 suricata: * Error in `/opt/suricata/bin/suricata': double free or corruption (out): 0x00007fc48535ff10 *
Jul 23 09:38:38 -u4 suricata: ======= Backtrace: =========
Jul 23 09:38:38 -u4 suricata: /lib64/libc.so.6(+0x7c619)[0x7fc49ba57619]
Jul 23 09:38:38 -u4 suricata: /opt/suricata/bin/suricata(+0x26bef0)[0x558f858abef0]
Jul 23 09:38:38 -u4 suricata: /opt/suricata/bin/suricata(+0x271aa9)[0x558f858b1aa9]
Jul 23 09:38:38 -u4 suricata: /lib64/libpthread.so.0(+0x7e25)[0x7fc49d162e25]
Jul 23 09:38:38 -u4 suricata: /lib64/libc.so.6(clone+0x6d)[0x7fc49bad334d]
After attaching gdb, it looks like the flow manager cleanup and PacketPoolDestroy are both freeing the same pointer, but I am not sure.
Can you let me know if there is some issue in the way we pass packets to Suricata, or if there is any known issue related to this?
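
Added example, not part of the original report and not Suricata code: the two frames inside /opt/suricata/bin/suricata are module-relative offsets with no symbol, so they can be resolved with addr2line against the same binary, given debug info. The Python sketch below parses the glibc backtrace lines quoted above, checks that frames of one module agree on a load base, and builds the addr2line commands; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Backtrace lines copied from the report above, syslog prefix included.
SAMPLE = """\
Jul 23 09:38:38 -u4 suricata: /lib64/libc.so.6(+0x7c619)[0x7fc49ba57619]
Jul 23 09:38:38 -u4 suricata: /opt/suricata/bin/suricata(+0x26bef0)[0x558f858abef0]
Jul 23 09:38:38 -u4 suricata: /opt/suricata/bin/suricata(+0x271aa9)[0x558f858b1aa9]
Jul 23 09:38:38 -u4 suricata: /lib64/libpthread.so.0(+0x7e25)[0x7fc49d162e25]
Jul 23 09:38:38 -u4 suricata: /lib64/libc.so.6(clone+0x6d)[0x7fc49bad334d]
"""

# glibc frame format: module(symbol+0xoff)[0xabs]. The symbol is empty when
# no exported symbol covers the address; the offset is then module-relative.
FRAME = re.compile(
    r"(?P<module>/\S+?)\((?P<sym>[^+()]*)\+0x(?P<off>[0-9a-f]+)\)"
    r"\[0x(?P<abs>[0-9a-f]+)\]"
)

def parse_frames(text):
    """Return one dict per backtrace frame found in the log text."""
    return [
        {"module": m["module"], "symbol": m["sym"],
         "offset": int(m["off"], 16), "abs": int(m["abs"], 16)}
        for m in FRAME.finditer(text)
    ]

def load_bases(frames):
    """Map module -> load base (abs - offset); frames of a module must agree."""
    bases = {}
    for f in frames:
        if f["symbol"]:
            continue  # offset is relative to the symbol, not to the module
        base = f["abs"] - f["offset"]
        if bases.setdefault(f["module"], base) != base:
            raise ValueError(f"inconsistent load base for {f['module']}")
    return bases

def addr2line_commands(frames):
    """Build one addr2line command per module from module-relative offsets."""
    per_module = defaultdict(list)
    for f in frames:
        if not f["symbol"]:
            per_module[f["module"]].append(hex(f["offset"]))
    return [f"addr2line -f -C -i -e {mod} {' '.join(offs)}"
            for mod, offs in per_module.items()]

if __name__ == "__main__":
    print("\n".join(addr2line_commands(parse_frames(SAMPLE))))
```

The commands must be run against the exact binary that crashed; a rebuilt binary will map the same offsets to different functions.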