[Oisf-users] Segfault with Suricata from git

Peter Bates peter.bates at ucl.ac.uk
Wed Jun 20 12:05:48 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

I'm seeing segfaults after a while with Suricata from git.

[4904] 20/6/2012 -- 12:36:48 - (suricata.c:1169) <Info> (main) -- This
is Suricata version 1.3dev (rev 988c92f)

[4904] 20/6/2012 -- 12:36:53 - (tm-threads.c:1858) <Info>
(TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 3
management threads initialized, engine started.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb2affb70 (LWP 4918)]
DetectEngineBufferHttpHeaders (det_ctx=0xb17012e0, f=<value optimized
out>,
    htp_state=0x20fae950, flags=4 '\004') at detect-engine-hhd.c:139
139                 size_t size2 = bstr_size(h->value);
Missing separate debuginfos, use: debuginfo-install
file-libs-5.04-17.fc14.i686 glibc-2.13-2.i686
libcap-ng-0.6.5-1.fc14.i686 libgcc-4.5.1-4.fc14.i686
libnet-1.1.5-1.fc14.i686 libnl-1.1-14.fc14.i686
libyaml-0.1.3-2.fc13.i686 pcre-8.10-2.fc14.i686 zlib-1.2.5-2.fc14.i686

(gdb) bt
#0  DetectEngineBufferHttpHeaders (det_ctx=0xb17012e0,
    f=<value optimized out>, htp_state=0x20fae950, flags=4 '\004')
    at detect-engine-hhd.c:139
#1  0x0809bb0f in DetectEngineRunHttpHeaderMpm (det_ctx=0xb17012e0,
    f=0xa2e256e8, htp_state=0x20fae950, flags=10 '\n')
    at detect-engine-hhd.c:187
#2  0x08076cd8 in DetectMpmPrefilter (th_v=0x9beeee8, de_ctx=0x9068bd8,
    det_ctx=0xb17012e0, p=0x8d30120) at detect.c:1222
#3  SigMatchSignatures (th_v=0x9beeee8, de_ctx=0x9068bd8,
det_ctx=0xb17012e0,
    p=0x8d30120) at detect.c:1468
#4  0x08076fbf in Detect (tv=0x9beeee8, p=0x8d30120, data=0xb17012e0,
    pq=0x99d1288, postpq=0x0) at detect.c:1841
#5  0x0813f8b4 in TmThreadsSlotVarRun (tv=0x9beeee8, p=0x8d30120,
    slot=0x9aa98d8) at tm-threads.c:479
#6  0x08141ce6 in TmThreadsSlotVar (td=0x9beeee8) at tm-threads.c:689
#7  0x005efe99 in start_thread () from /lib/libpthread.so.0
#8  0x00509d2e in clone () from /lib/libc.so.6

This is with PF_RING, and I first thought it was the result of messing
about with BPF filters but I've since commented them out (of
suricata.yaml).

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJP4bycAAoJELhVoVpEMS6RO/0H/AtD0HB+EYlDNhcmd2NUKAJr
VqW8baT6YrClHxJUmAvUdSOgjZVs99yRizRuLiM2P0IfwAAKKgJXqS5eXNJ2qoGC
RHhMinJ1vw902BYFbpoGZiYi/9iFcgslravME/BnJUR5CB++e8Htvi3o2wtKL4rD
LY8UmUkTpxcnpxXYKq3oKWb/2dDcBSYhI4h5ZVzOzN/RIaYgOVX01zn7wyRRJypx
JcRbYNSjnYg3FVUjf3yRC8iz/eQ7r2wr2pyGlEzeVLvKgm6buISBTUn1H3/SkAOf
/Qgkl9kfaKsfigAumFoUfEi17LwkrTAM74otahEXdoWuHuLvtneHLVIo28WzvxY=
=hQ8c
-----END PGP SIGNATURE-----

More information about the Oisf-users mailing list