[Oisf-devel] Suricata 1.2.1 + OpenBSD 5.1 = segmentation fault

Henri Wahl h.wahl at ifw-dresden.de
Fri May 4 14:29:09 UTC 2012 

Hi,

now i compiled Suricata 1.2.1 this way:

export CCFLAGS=-g
./configure --enable-debug

and get this result, crashing faster than before running with gdb:

4/5/2012 -- 16:23:49 - <Info> - 67 rule files processed. 13395 rules
succesfully loaded, 72 rules failed
4/5/2012 -- 16:24:41 - <Info> - 13404 signatures processed. 3 are
IP-only rules, 4470 are inspecting packet payload, 9841 inspect
application layer, 0 are decoder event only
4/5/2012 -- 16:24:41 - <Info> - building signature grouping structure,
stage 1: adding signatures to signature source addresses... complete
4/5/2012 -- 16:24:43 - <Info> - building signature grouping structure,
stage 2: building source address list... complete
4/5/2012 -- 16:24:51 - <Info> - building signature grouping structure,
stage 3: building destination address lists... complete
4/5/2012 -- 16:24:56 - <Info> - Threshold config parsed: 38 rule(s) found
4/5/2012 -- 16:24:56 - <Info> - Core dump size is unlimited.
4/5/2012 -- 16:24:56 - <Info> - fast output device (regular)
initialized: fast.log
4/5/2012 -- 16:24:56 - <Info> - Unified2-alert initialized: filename
unified2.alert, limit 32 MB
4/5/2012 -- 16:24:56 - <Info> - Using 1 live device(s).
4/5/2012 -- 16:24:56 - <Info> - using interface bge1
4/5/2012 -- 16:24:56 - <Info> - RunModeIdsPcapAuto initialised
4/5/2012 -- 16:24:56 - <Info> - stream "max_sessions": 262144
4/5/2012 -- 16:24:56 - <Info> - stream "prealloc_sessions": 32768
4/5/2012 -- 16:24:56 - <Info> - stream "memcap": 33554432
4/5/2012 -- 16:24:56 - <Info> - stream "midstream" session pickups: disabled
4/5/2012 -- 16:24:56 - <Info> - stream "async_oneside": disabled
4/5/2012 -- 16:24:56 - <Info> - stream "checksum_validation": enabled
4/5/2012 -- 16:24:56 - <Info> - stream."inline": disabled
4/5/2012 -- 16:24:56 - <Info> - stream.reassembly "memcap": 67108864
4/5/2012 -- 16:24:56 - <Info> - stream.reassembly "depth": 1048576
4/5/2012 -- 16:24:56 - <Info> - stream.reassembly "toserver_chunk_size":
2560
4/5/2012 -- 16:24:56 - <Info> - stream.reassembly "toclient_chunk_size":
2560
[New process 26175, thread 0x874a0000]
[New process 26175, thread 0x88a87c00]
[New process 26175, thread 0x88a87800]
[New process 26175, thread 0x88a87400]
[New process 26175, thread 0x88a87000]
[New process 26175, thread 0x7d5bac00]
[New process 26175, thread 0x7d5ba400]
[New process 26175, thread 0x7d5ba000]
4/5/2012 -- 16:24:56 - <Info> - all 12 packet processing threads, 1
management threads initialized, engine started.
[New process 26175, thread 0x7d496400]
[New process 26175]
[New process 26175, thread 0x82be2800]
[New process 26175, thread 0x7d5ba800]
assertion "!(1)" failed: file "detect-engine-hhd.c", line 293, function
"DoInspectHttpHeader"

Program received signal SIGABRT, Aborted.
[Switching to process 26175, thread 0x874a0000]
0x02de682d in kill () from /usr/lib/libc.so.62.0
(gdb) bt
#0  0x02de682d in kill () from /usr/lib/libc.so.62.0
#1  0x02e50845 in abort () at /usr/src/lib/libc/stdlib/abort.c:68
#2  0x02dc2cf0 in __assert2 (file=Could not find the frame base for
"__assert2".
) at /usr/src/lib/libc/gen/assert.c:52
#3  0x1c0a4171 in DoInspectHttpHeader ()
#4  0x1c0a3931 in DoInspectHttpHeader ()
#5  0x1c0a5777 in DetectEngineInspectHttpHeader ()
#6  0x1c0b14e9 in DeStateDetectStartDetection ()
#7  0x1c04641f in SigMatchSignatures ()
#8  0x1c0474fb in Detect ()
#9  0x1c1ce1a9 in TmThreadsSlot1 ()
#10 0x01c5da2e in _thread_start () at
/usr/src/lib/libpthread/uthread/uthread_create.c:242
#11 0x0000002b in ?? ()
#12 0x00000000 in ?? ()
(gdb)

Regards

-- 
Henri Wahl

IT Department
Leibniz-Institut für Festkörper- u.
Werkstoffforschung Dresden

tel. (03 51) 46 59 - 797
email: h.wahl at ifw-dresden.de
http://www.ifw-dresden.de

Nagios status monitor for your desktop:
http://nagstamon.ifw-dresden.de

IFW Dresden e.V., Helmholtzstraße 20, D-01069 Dresden
VR Dresden Nr. 1369
Vorstand: Prof. Dr. Ludwig Schultz, Dr. h.c. Dipl.-Finw. Rolf Pfrengle

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4719 bytes
Desc: S/MIME Kryptografische Unterschrift
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20120504/f36a0f39/attachment.bin>

More information about the Oisf-devel mailing list