Actions
Bug #5211
closeddetect/frames: crash with detect.profiling.grouping.dump-to-disk
Affected Versions:
Effort:
Difficulty:
Label:
Description
Enabling detect.profiling.grouping.dump-to-disk
(may or may not require --enable-profiling
) leads to a ASAN error in sip-body-frames
:
[987240] 29/3/2022 -- 15:29:43 - (suricata.c:1142) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (9537d119b 2022-03-29) running in USER mode ================================================================= ==987240==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fffa918e900 at pc 0x000000ee4a42 bp 0x7fffa91692b0 sp 0x7fffa91692a8 READ of size 4 at 0x7fffa918e900 thread T0 (Suricata-Main) #0 0xee4a41 in RulesGroupPrintSghStats /home/victor/devel/eidps/src/detect-engine-build.c:731:38 #1 0xee1520 in RulesDumpGrouping /home/victor/devel/eidps/src/detect-engine-build.c:914:25 #2 0xee0e02 in SigAddressPrepareStage4 /home/victor/devel/eidps/src/detect-engine-build.c:1856:9 #3 0xee205b in SigGroupBuild /home/victor/devel/eidps/src/detect-engine-build.c:1977:9 #4 0xf6378d in SigLoadSignatures /home/victor/devel/eidps/src/detect-engine-loader.c:373:9 #5 0x9ec5dd in LoadSignatures /home/victor/devel/eidps/src/suricata.c:2329:9 #6 0x9ec169 in PostConfLoadedDetectSetup /home/victor/devel/eidps/src/suricata.c:2481:17 #7 0x9efbe7 in SuricataMain /home/victor/devel/eidps/src/suricata.c:2916:5 #8 0x9eb1ae in main /home/victor/devel/eidps/src/main.c:22:12 #9 0x7fc6a43840b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 #10 0x93eedd in _start (/home/victor/sync/devel/eidps/src/suricata+0x93eedd) Address 0x7fffa918e900 is located in stack of thread T0 (Suricata-Main) SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /home/victor/devel/eidps/src/detect-engine-build.c:731:38 in RulesGroupPrintSghStats Shadow bytes around the buggy address: 0x100075229cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229d10: 00 00 00 00 00 00 00 00 00 00 00 00 cb cb cb cb =>0x100075229d20:[ca]ca ca ca 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229d40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x100075229d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==987240==ABORTING
Updated by Victor Julien about 2 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Victor Julien
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien almost 2 years ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Updated by Victor Julien almost 2 years ago
- Target version changed from 7.0.0-rc2 to 7.0.1
Updated by Victor Julien over 1 year ago
- Assignee changed from Victor Julien to OISF Dev
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.1 to 7.0.2
Updated by Jeff Lucovsky over 1 year ago
- Status changed from Assigned to In Review
- Assignee changed from OISF Dev to Jeff Lucovsky
Updated by Jeff Lucovsky over 1 year ago
- Status changed from In Review to Closed
Actions