[Oisf-devel] valgrind error in http_header mpm
Anoop Saldanha
anoopsaldanha at gmail.com
Thu Mar 14 17:57:01 UTC 2013
On Thu, Mar 14, 2013 at 10:51 PM, Victor Julien <victor at inliniac.net> wrote:
> While testing something else I stumbled upon this error:
>
> ==16807== Thread 5:
> ==16807== Invalid read of size 1
> ==16807== at 0x4C2D8EC: bcmp (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==16807== by 0x93E05E: SCACSearch (util-mpm-ac.c:1239)
> ==16807== by 0x66C2D5: HttpHeaderPatternSearch (detect-engine-mpm.c:386)
> ==16807== by 0x6012AE: DetectEngineRunHttpHeaderMpm
> (detect-engine-hhd.c:223)
> ==16807== by 0x546635: DetectMpmPrefilter (detect.c:1048)
> ==16807== by 0x54890F: SigMatchSignatures (detect.c:1355)
> ==16807== by 0x54AFA5: Detect (detect.c:1789)
> ==16807== by 0x8DE305: TmThreadsSlotVarRun (tm-threads.c:542)
> ==16807== by 0x8DF5ED: TmThreadsSlotVar (tm-threads.c:789)
> ==16807== by 0x5D03E99: start_thread (pthread_create.c:308)
> ==16807== by 0x69AFCBC: clone (clone.S:112)
> ==16807== Address 0xcf48d2d is 3 bytes before a block of size 92 alloc'd
> ==16807== at 0x4C2B4F0: realloc (in
> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==16807== by 0x600A46: DetectEngineHHDGetBufferForTX
> (detect-engine-hhd.c:160)
> ==16807== by 0x60127A: DetectEngineRunHttpHeaderMpm
> (detect-engine-hhd.c:215)
> ==16807== by 0x546635: DetectMpmPrefilter (detect.c:1048)
> ==16807== by 0x54890F: SigMatchSignatures (detect.c:1355)
> ==16807== by 0x54AFA5: Detect (detect.c:1789)
> ==16807== by 0x8DE305: TmThreadsSlotVarRun (tm-threads.c:542)
> ==16807== by 0x8DF5ED: TmThreadsSlotVar (tm-threads.c:789)
> ==16807== by 0x5D03E99: start_thread (pthread_create.c:308)
> ==16807== by 0x69AFCBC: clone (clone.S:112)
>
> Anoop, can you have a look? Found it in sandnet.pcap with default config
> and emerging-all.rules.
>
Can you attach the rules file?
--
Anoop Saldanha
More information about the Oisf-devel
mailing list