Project

General

Profile

Actions
Copy link

Bug #76

closed

Processing the attached pcap causes a Segv inside of AppLayerHandleMsg at exit

Added by Will Metcalf almost 15 years ago. Updated almost 15 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Gurvinder Singh
Target version:
0.8.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

ulimit c unlimited; src/suricata -c suricata.yaml -r ./tcpdump-5of8-fuzz-2010-01-28-05-27-16-1 -l ./
...
[424] 28/1/2010 - 07:32:41 - (alert-fastlog.c:231) <Info> (AlertFastLogInitCtx) -- Fast log output registered, filename: fast.log
[424] 28/1/2010 -- 07:32:41 - (tm-threads.c:1141) <Info> (TmThreadWaitOnThreadInit) -- all 6 packet processing threads, 3 management threads initialized, engine started.
ReceivePcap: code 0 error
- (ReceivePcapFile) Packets 46, bytes 26804.
[424] 28/1/2010 -- 07:32:41 - (suricata.c:700) <Info> (main) -- signal received
[424] 28/1/2010 -- 07:32:41 - (suricata.c:703) <Info> (main) -- SIGINT or EngineStop received
Segmentation fault (core dumped)

#0 0x000000000049a47d in AppLayerHandleMsg (dp_ctx=0x7ffab80008b8, smsg=0x7ffab8d49160) at app-layer-detect-proto.c:359
359 TcpSession *ssn = smsg->flow->protoctx;
(gdb) bt full
#0 0x000000000049a47d in AppLayerHandleMsg (dp_ctx=0x7ffab80008b8, smsg=0x7ffab8d49160) at app-layer-detect-proto.c:359
alproto = 0
r = 0
ssn = 0x7ffab8cfd010
#1 0x000000000048eb8c in StreamTcpReassembleProcessAppLayer (ra_ctx=0x7ffab80008b0) at stream-tcp-reassemble.c:1523
smsg = 0x7ffab8d49160
r = 0
#2 0x000000000048a00c in StreamTcpPacket (tv=0x25cc510, p=0x22c7730, stt=0x28f17d0) at stream-tcp.c:2407
ssn = 0x7ffab8cfd010
#3 0x000000000048a0a6 in StreamTcp (tv=0x25cc510, p=0x22c7730, data=0x28f17d0, pq=0x25cc610) at stream-tcp.c:2425
stt = 0x28f17d0
ret = TM_ECODE_OK
#4 0x000000000047bda8 in TmThreadsSlot1 (td=0x25cc510) at tm-threads.c:325
tv = 0x25cc510
s = 0x25cc5e0
p = 0x22c7730
run = 1 '\001'
r = TM_ECODE_OK
#5 0x00007ffabeea1a04 in start_thread (arg=<value optimized out>) at pthread_create.c:300
__res = <value optimized out>
pd = 0x7ffabd1c1910
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140714891286800, -1255621217088961140, 140735213154592, 0, 0, 3, 1253787540055917964, 1253793947888387468}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {
prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <value optimized out>
robust = <value optimized out>
#6 0x00007ffabe7bc80d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
No locals.
#7 0x0000000000000000 in ?? ()
No symbol table info available.

Files

Download all files
tcpdump-5of8-fuzz-2010-01-28-05-27-16-1 (26.9 KB) tcpdump-5of8-fuzz-2010-01-28-05-27-16-1 pcap causes segv inside of AppLayerHandleMsg at exit Will Metcalf, 01/28/2010 07:26 AM
0001-bug-76-patch.patch (4.91 KB) 0001-bug-76-patch.patch Gurvinder Singh, 01/28/2010 10:53 AM
Actions
Copy link

Also available in: Atom PDF