Bug #5211
[Closed] detect/frames: crash with detect.profiling.grouping.dump-to-disk
Description
Enabling detect.profiling.grouping.dump-to-disk (may or may not require --enable-profiling) leads to an ASAN error in sip-body-frames:
[987240] 29/3/2022 -- 15:29:43 - (suricata.c:1142) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (9537d119b 2022-03-29) running in USER mode
=================================================================
==987240==ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address 0x7fffa918e900 at pc 0x000000ee4a42 bp 0x7fffa91692b0 sp 0x7fffa91692a8
READ of size 4 at 0x7fffa918e900 thread T0 (Suricata-Main)
#0 0xee4a41 in RulesGroupPrintSghStats /home/victor/devel/eidps/src/detect-engine-build.c:731:38
#1 0xee1520 in RulesDumpGrouping /home/victor/devel/eidps/src/detect-engine-build.c:914:25
#2 0xee0e02 in SigAddressPrepareStage4 /home/victor/devel/eidps/src/detect-engine-build.c:1856:9
#3 0xee205b in SigGroupBuild /home/victor/devel/eidps/src/detect-engine-build.c:1977:9
#4 0xf6378d in SigLoadSignatures /home/victor/devel/eidps/src/detect-engine-loader.c:373:9
#5 0x9ec5dd in LoadSignatures /home/victor/devel/eidps/src/suricata.c:2329:9
#6 0x9ec169 in PostConfLoadedDetectSetup /home/victor/devel/eidps/src/suricata.c:2481:17
#7 0x9efbe7 in SuricataMain /home/victor/devel/eidps/src/suricata.c:2916:5
#8 0x9eb1ae in main /home/victor/devel/eidps/src/main.c:22:12
#9 0x7fc6a43840b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16
#10 0x93eedd in _start (/home/victor/sync/devel/eidps/src/suricata+0x93eedd)
Address 0x7fffa918e900 is located in stack of thread T0 (Suricata-Main)
SUMMARY: AddressSanitizer: dynamic-stack-buffer-overflow /home/victor/devel/eidps/src/detect-engine-build.c:731:38 in RulesGroupPrintSghStats
Shadow bytes around the buggy address:
0x100075229cd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229ce0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229cf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229d10: 00 00 00 00 00 00 00 00 00 00 00 00 cb cb cb cb
=>0x100075229d20:[ca]ca ca ca 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229d30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229d40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229d50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229d60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100075229d70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==987240==ABORTING
Updated by Victor Julien about 3 years ago
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Victor Julien
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien almost 3 years ago
- Target version changed from 7.0.0-rc1 to 7.0.0-rc2
Updated by Victor Julien over 2 years ago
- Target version changed from 7.0.0-rc2 to 7.0.1
Updated by Victor Julien about 2 years ago
- Assignee changed from Victor Julien to OISF Dev
Updated by Victor Julien about 2 years ago
- Target version changed from 7.0.1 to 7.0.2
Updated by Jeff Lucovsky about 2 years ago
- Status changed from Assigned to In Review
- Assignee changed from OISF Dev to Jeff Lucovsky
Updated by Jeff Lucovsky about 2 years ago
- Status changed from In Review to Closed