[Oisf-users] Segfault with Suricata from git

Peter Manev petermanev at gmail.com
Wed Jun 20 13:10:02 UTC 2012 

Hi Peter,
What platform are you using? maybe I can try reproducing the issue.

On Wed, Jun 20, 2012 at 2:05 PM, Peter Bates <peter.bates at ucl.ac.uk> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hello all
>
> I'm seeing segfaults after a while with Suricata from git.
>
> [4904] 20/6/2012 -- 12:36:48 - (suricata.c:1169) <Info> (main) -- This
> is Suricata version 1.3dev (rev 988c92f)
>
> [4904] 20/6/2012 -- 12:36:53 - (tm-threads.c:1858) <Info>
> (TmThreadWaitOnThreadInit) -- all 13 packet processing threads, 3
> management threads initialized, engine started.
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0xb2affb70 (LWP 4918)]
> DetectEngineBufferHttpHeaders (det_ctx=0xb17012e0, f=<value optimized
> out>,
>    htp_state=0x20fae950, flags=4 '\004') at detect-engine-hhd.c:139
> 139                 size_t size2 = bstr_size(h->value);
> Missing separate debuginfos, use: debuginfo-install
> file-libs-5.04-17.fc14.i686 glibc-2.13-2.i686
> libcap-ng-0.6.5-1.fc14.i686 libgcc-4.5.1-4.fc14.i686
> libnet-1.1.5-1.fc14.i686 libnl-1.1-14.fc14.i686
> libyaml-0.1.3-2.fc13.i686 pcre-8.10-2.fc14.i686 zlib-1.2.5-2.fc14.i686
>
> (gdb) bt
> #0  DetectEngineBufferHttpHeaders (det_ctx=0xb17012e0,
>    f=<value optimized out>, htp_state=0x20fae950, flags=4 '\004')
>    at detect-engine-hhd.c:139
> #1  0x0809bb0f in DetectEngineRunHttpHeaderMpm (det_ctx=0xb17012e0,
>    f=0xa2e256e8, htp_state=0x20fae950, flags=10 '\n')
>    at detect-engine-hhd.c:187
> #2  0x08076cd8 in DetectMpmPrefilter (th_v=0x9beeee8, de_ctx=0x9068bd8,
>    det_ctx=0xb17012e0, p=0x8d30120) at detect.c:1222
> #3  SigMatchSignatures (th_v=0x9beeee8, de_ctx=0x9068bd8,
> det_ctx=0xb17012e0,
>    p=0x8d30120) at detect.c:1468
> #4  0x08076fbf in Detect (tv=0x9beeee8, p=0x8d30120, data=0xb17012e0,
>    pq=0x99d1288, postpq=0x0) at detect.c:1841
> #5  0x0813f8b4 in TmThreadsSlotVarRun (tv=0x9beeee8, p=0x8d30120,
>    slot=0x9aa98d8) at tm-threads.c:479
> #6  0x08141ce6 in TmThreadsSlotVar (td=0x9beeee8) at tm-threads.c:689
> #7  0x005efe99 in start_thread () from /lib/libpthread.so.0
> #8  0x00509d2e in clone () from /lib/libc.so.6
>
> This is with PF_RING, and I first thought it was the result of messing
> about with BPF filters but I've since commented them out (of
> suricata.yaml).
>
> - --
> Peter Bates
> Senior Computer Security Officer    Phone: +44(0)2076792049
> Information Services Division       Internal Ext: 32049
> University College London
> London WC1E 6BT
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJP4bycAAoJELhVoVpEMS6RO/0H/AtD0HB+EYlDNhcmd2NUKAJr
> VqW8baT6YrClHxJUmAvUdSOgjZVs99yRizRuLiM2P0IfwAAKKgJXqS5eXNJ2qoGC
> RHhMinJ1vw902BYFbpoGZiYi/9iFcgslravME/BnJUR5CB++e8Htvi3o2wtKL4rD
> LY8UmUkTpxcnpxXYKq3oKWb/2dDcBSYhI4h5ZVzOzN/RIaYgOVX01zn7wyRRJypx
> JcRbYNSjnYg3FVUjf3yRC8iz/eQ7r2wr2pyGlEzeVLvKgm6buISBTUn1H3/SkAOf
> /Qgkl9kfaKsfigAumFoUfEi17LwkrTAM74otahEXdoWuHuLvtneHLVIo28WzvxY=
> =hQ8c
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>



-- 
Regards,
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120620/0144a084/attachment-0002.html>

More information about the Oisf-users mailing list