Bug #935
closedSegfault when file extraction is enabled
Description
I have one rule enabled to extract "PE32 executable" files. Suricata will consistently segfault after a few hours of running with an error like this:
[468573.634022] AFPacketeth2107763: segfault at 31d89dbcf18 ip 0000031da889509b sp 0000031d89dbcf20 error 6 in libc-2.17.so[31da8871000+1a2000]
I've attached the gdb.txt output for review.
Files
Updated by Anoop Saldanha over 10 years ago
Looking at the call explosion on thread1, wondering if this is a bug with libmagic.
Updated by Victor Julien over 10 years ago
Indeed. It would be interesting if we could get the full 512 bytes that are sent as 'bug' to libmagic on:
#47509 0x0000002f2e7ac175 in MagicThreadLookup (ctx=0x31d7072bc50, buf=0x31a22181b60 "\312\376\272\276", buflen=512) at util-magic.c:129
Updated by Cooper Nelson over 10 years ago
I believe this is fixed by using the current revision of libmagic, v. 5.15.
Updated by Victor Julien almost 8 years ago
- Status changed from New to Closed
- Target version deleted (
TBD)