[Oisf-devel] Segmentation faults
Victor Julien
victor at inliniac.net
Fri Aug 27 12:38:47 UTC 2010
Thanks for the report Ashwin. I've opened ticket 231 for it:
https://redmine.openinfosecfoundation.org/issues/231
Cheers,
Victor
Ashwin Paranjpe wrote:
> Observed 2 segmentation faults while using Suricata. The traffic used
> for the test was a (large) merged pcap of multiple pcaps available on
> pcapr.net <http://pcapr.net>.
> Although that pcap cannot be retrieved and shared, I have noted some
> preliminary GDB analysis that might help identify the issues.
>
>
> 1) Segmentation fault occurred at *"libhtp/htp/htp_response_generic.c" 279L*
> Code: size_t len = bstr_len(tx->response_line);
>
> (gdb) p tx->response_line
> $24 = (bstr *) 0x0
> (gdb) p tx->response_line.ptr
> Cannot access memory at 0x0
> Macro bstr_len tried to dereference a NULL pointer (response_line)
>
>
>
> 2) Segmentation fault occurred at *"src/detect-http-method.c" 697L*
> Code: for(idx = 0; idx < list_size(hs->connp->conn->transactions); idx++)
>
> The pointer "hs" is NULL, and is being dereferenced. Suricata does have
> a check to detect whether this ptr is NULL.
> However, the check is performed before acquiring a semaphore.
> Apparently, things change by the time the semaphore is acquired.
> Perhaps, the checks need to be performed before and after the semaphore
> operation.
>
> -Ashwin.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
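
The check-then-lock ordering described in item 2 of the quoted report, shown as an added example that is not part of the original thread and is not Suricata's code. The types, function names and the `teardown` hook are hypothetical, a pthread mutex stands in for the semaphore, and the hook replays in one thread the interleaving in which another thread clears the state while the caller waits for the lock.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a flow and its HTTP state; not Suricata's types. */
typedef struct { size_t tx_count; } HttpState;
typedef struct { pthread_mutex_t lock; HttpState *state; } Flow;

enum { NO_STATE = -1, WOULD_DEREF_NULL = -2 };

/* Stands in for another thread that clears the state while we wait. */
typedef void (*RaceHook)(Flow *);
static void teardown(Flow *f) {
    pthread_mutex_lock(&f->lock);
    f->state = NULL;
    pthread_mutex_unlock(&f->lock);
}

/* Pattern from the report: NULL check first, lock second, use third. */
int count_check_before_lock(Flow *f, RaceHook other_thread) {
    if (f->state == NULL) return NO_STATE;   /* check made without the lock */
    if (other_thread) other_thread(f);       /* window before the lock is held */
    pthread_mutex_lock(&f->lock);
    HttpState *hs = f->state;                /* may no longer match the check */
    int n = hs ? (int)hs->tx_count : WOULD_DEREF_NULL; /* real code faults here */
    pthread_mutex_unlock(&f->lock);
    return n;
}

/* Hardened: take the lock, then read and check the pointer under it. */
int count_check_under_lock(Flow *f, RaceHook other_thread) {
    if (other_thread) other_thread(f);       /* same interleaving as above */
    pthread_mutex_lock(&f->lock);
    HttpState *hs = f->state;
    int n = hs ? (int)hs->tx_count : NO_STATE;
    pthread_mutex_unlock(&f->lock);
    return n;
}

int main(void) {
    HttpState s = { 3 };                     /* constructed sample state */
    Flow a = { PTHREAD_MUTEX_INITIALIZER, &s };
    Flow b = { PTHREAD_MUTEX_INITIALIZER, &s };
    printf("check before lock: %d\n", count_check_before_lock(&a, teardown));
    printf("check under lock:  %d\n", count_check_under_lock(&b, teardown));
    return 0;
}
```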