[Oisf-devel] valgrind error in http_header mpm
Victor Julien
victor at inliniac.net
Thu Mar 14 17:21:00 UTC 2013
While testing something else I stumbled upon this error:
==16807== Thread 5:
==16807== Invalid read of size 1
==16807== at 0x4C2D8EC: bcmp (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16807== by 0x93E05E: SCACSearch (util-mpm-ac.c:1239)
==16807== by 0x66C2D5: HttpHeaderPatternSearch (detect-engine-mpm.c:386)
==16807== by 0x6012AE: DetectEngineRunHttpHeaderMpm
(detect-engine-hhd.c:223)
==16807== by 0x546635: DetectMpmPrefilter (detect.c:1048)
==16807== by 0x54890F: SigMatchSignatures (detect.c:1355)
==16807== by 0x54AFA5: Detect (detect.c:1789)
==16807== by 0x8DE305: TmThreadsSlotVarRun (tm-threads.c:542)
==16807== by 0x8DF5ED: TmThreadsSlotVar (tm-threads.c:789)
==16807== by 0x5D03E99: start_thread (pthread_create.c:308)
==16807== by 0x69AFCBC: clone (clone.S:112)
==16807== Address 0xcf48d2d is 3 bytes before a block of size 92 alloc'd
==16807== at 0x4C2B4F0: realloc (in
/usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==16807== by 0x600A46: DetectEngineHHDGetBufferForTX
(detect-engine-hhd.c:160)
==16807== by 0x60127A: DetectEngineRunHttpHeaderMpm
(detect-engine-hhd.c:215)
==16807== by 0x546635: DetectMpmPrefilter (detect.c:1048)
==16807== by 0x54890F: SigMatchSignatures (detect.c:1355)
==16807== by 0x54AFA5: Detect (detect.c:1789)
==16807== by 0x8DE305: TmThreadsSlotVarRun (tm-threads.c:542)
==16807== by 0x8DF5ED: TmThreadsSlotVar (tm-threads.c:789)
==16807== by 0x5D03E99: start_thread (pthread_create.c:308)
==16807== by 0x69AFCBC: clone (clone.S:112)
Anoop, can you have a look? Found it in sandnet.pcap with default config
and emerging-all.rules.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list