[Oisf-devel] Building suricata 1.4.2 with clang

Peter Manev petermanev at gmail.com
Fri Jun 7 06:44:51 UTC 2013 

Hi Sebastian,

On Fri, Jun 7, 2013 at 6:33 AM, Sebastian Roschke <s.roschke at gmail.com>wrote:

> Dear list,
>
> not sure if I should direct this request somewhere else. I am trying to
> build suricata with clang and ASAN:
>
> CC=clang CFLAGS='-O0 -g -fsanitize=address' CPPFLAGS='-O0 -g
> -fsanitize=address' ./configure
> make
>
>
What OS are you doing that on?


> This works fine. Running suricata afterwards miserably fails:
>
> ./suricata -c suricata.yaml
> 6/6/2013 -- 21:19:50 - <Info> - This is Suricata version 1.4.2 RELEASE
> 6/6/2013 -- 21:19:50 - <Info> - CPUs/cores online: 4
> =================================================================
> ==12833== ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x7ff64b7ce6c0 at pc 0x10be76b bp 0x7fff3db91070 sp 0x7fff3db91068
> READ of size 16 at 0x7ff64b7ce6c0 thread T0
>    #0 0x10be76a
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x10be76a)
>    #1 0x10aac45
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x10aac45)
>    #2 0x10a395a
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x10a395a)
>    #3 0x4e00b4
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x4e00b4)
>    #4 0x530cef
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x530cef)
>    #5 0x570eb1
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x570eb1)
>    #6 0x4e5c95
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x4e5c95)
>    #7 0xe6f4e8
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0xe6f4e8)
>    #8 0x7ff649f0976c (/lib/x86_64-linux-gnu/libc-2.15.so+0x2176c)
> 0x7ff64b7ce6c0 is located 0 bytes to the right of 4-byte region
> [0x7ff64b7ce6c0,0x7ff64b7ce6c4)
> allocated by thread T0 here:
>    #0 0x12595f0
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x12595f0)
>    #1 0x10a9c75
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x10a9c75)
>    #2 0x10a395a
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x10a395a)
>    #3 0x4e00b4
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x4e00b4)
>    #4 0x530cef
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x530cef)
>    #5 0x570eb1
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x570eb1)
>    #6 0x4e5c95
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0x4e5c95)
>    #7 0xe6f4e8
> (/some/path/suricata/suricata-1.4.2-clang-build/suricata-1.4.2/src/.libs/lt-suricata+0xe6f4e8)
>    #8 0x7ff649f0976c (/lib/x86_64-linux-gnu/libc-2.15.so+0x2176c)
> Shadow byte and word:
>  0x1ffec96f9cd8: 4
>  0x1ffec96f9cd8: 04 fb fb fb fb fb fb fb
> More shadow bytes:
>  0x1ffec96f9cb8: 00 00 00 00 00 fb fb fb
>  0x1ffec96f9cc0: fa fa fa fa fa fa fa fa
>  0x1ffec96f9cc8: 04 fb fb fb fb fb fb fb
>  0x1ffec96f9cd0: fa fa fa fa fa fa fa fa
> =>0x1ffec96f9cd8: 04 fb fb fb fb fb fb fb
>  0x1ffec96f9ce0: fa fa fa fa fa fa fa fa
>  0x1ffec96f9ce8: fa fa fa fa fa fa fa fa
>  0x1ffec96f9cf0: fa fa fa fa fa fa fa fa
>  0x1ffec96f9cf8: fa fa fa fa fa fa fa fa
> Stats: 1M malloced (1M for red zones) by 3256 calls
> Stats: 0M realloced by 132 calls
> Stats: 0M freed by 2194 calls
> Stats: 0M really freed by 0 calls
> Stats: 7M (1927 full pages) mmaped in 12 calls
>  mmaps   by size class: 7:4095; 8:2047; 9:1023; 10:511; 11:255; 13:64;
> 14:32; 15:16; 16:8; 20:3;
>  mallocs by size class: 7:3215; 8:22; 9:3; 10:4; 11:2; 13:1; 14:2; 15:2;
> 16:2; 20:3;
>  frees   by size class: 7:2181; 8:3; 9:3; 10:3; 11:1; 15:1; 16:2;
>  rfrees  by size class:
> Stats: malloc large: 7 small slow: 19
> ==12833== ABORTING
>
> Any pointers would be appreciated.
>
> Thanks,
> Sebastian
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
>



-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20130607/e741a552/attachment-0002.html>

More information about the Oisf-devel mailing list