[Oisf-devel] valgrind error in http_header mpm

Victor Julien victor at inliniac.net
Fri Mar 15 10:03:16 UTC 2013 

On 03/14/2013 06:57 PM, Anoop Saldanha wrote:
> On Thu, Mar 14, 2013 at 10:51 PM, Victor Julien <victor at inliniac.net> wrote:
>> While testing something else I stumbled upon this error:
>>
>> ==16807== Thread 5:
>> ==16807== Invalid read of size 1
>> ==16807==    at 0x4C2D8EC: bcmp (in
>> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
>> ==16807==    by 0x93E05E: SCACSearch (util-mpm-ac.c:1239)
>> ==16807==    by 0x66C2D5: HttpHeaderPatternSearch (detect-engine-mpm.c:386)
>> ==16807==    by 0x6012AE: DetectEngineRunHttpHeaderMpm
>> (detect-engine-hhd.c:223)
>> ==16807==    by 0x546635: DetectMpmPrefilter (detect.c:1048)
>> ==16807==    by 0x54890F: SigMatchSignatures (detect.c:1355)
>> ==16807==    by 0x54AFA5: Detect (detect.c:1789)
>> ==16807==    by 0x8DE305: TmThreadsSlotVarRun (tm-threads.c:542)
>> ==16807==    by 0x8DF5ED: TmThreadsSlotVar (tm-threads.c:789)
>> ==16807==    by 0x5D03E99: start_thread (pthread_create.c:308)
>> ==16807==    by 0x69AFCBC: clone (clone.S:112)
>> ==16807==  Address 0xcf48d2d is 3 bytes before a block of size 92 alloc'd
>> ==16807==    at 0x4C2B4F0: realloc (in
>> /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
>> ==16807==    by 0x600A46: DetectEngineHHDGetBufferForTX
>> (detect-engine-hhd.c:160)
>> ==16807==    by 0x60127A: DetectEngineRunHttpHeaderMpm
>> (detect-engine-hhd.c:215)
>> ==16807==    by 0x546635: DetectMpmPrefilter (detect.c:1048)
>> ==16807==    by 0x54890F: SigMatchSignatures (detect.c:1355)
>> ==16807==    by 0x54AFA5: Detect (detect.c:1789)
>> ==16807==    by 0x8DE305: TmThreadsSlotVarRun (tm-threads.c:542)
>> ==16807==    by 0x8DF5ED: TmThreadsSlotVar (tm-threads.c:789)
>> ==16807==    by 0x5D03E99: start_thread (pthread_create.c:308)
>> ==16807==    by 0x69AFCBC: clone (clone.S:112)
>>
>> Anoop, can you have a look? Found it in sandnet.pcap with default config
>> and emerging-all.rules.
>>
> 
> Can you attach the rules file?
> 

Sent off-list.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

More information about the Oisf-devel mailing list