[Oisf-users] Segfault on Debian 8.3

Hovsep Levi hovsep.sanjay.levi at gmail.com
Mon Mar 28 15:51:13 UTC 2016 

Hello.

On Debian 8.3 both Suricata 2.0.11 and 3.0.0 segfault after some time,
maybe a few hours.  I think a bug exists in a PCRE parser for an IRC
signature.  This problem does not happen on Ubuntu.

What do you think ?

Thanks,

Hovsep


#0  0x00007f8e6ed784bb in ?? ()
#1  0x00007f8d7f530cca in ?? ()
#2  0x00007f8e6ed781a8 in ?? ()
#3  0x0000000000000001 in ?? ()
#4  0x0000000000000dac in ?? ()
#5  0x00007f8c811020be in ?? ()
#6  0x0000000000000dac in ?? ()
#7  0x00007f8c811020be in ?? ()
#8  0x00000000030c5fe7 in ?? ()
#9  0x00000000030c5fe6 in ?? ()
#10 0x00000000034d35e2 in ?? ()
#11 0x00000000030c5fe7 in ?? ()
#12 0x0000000000000001 in ?? ()
#13 0x000000000e3b5540 in ?? ()
#14 0x00000000030c5fe7 in ?? ()
#15 0x0000000000000338 in ?? ()
#16 0x0000000000000002 in ?? ()
#17 0x000000000e3b6a40 in ?? ()
#18 0x00007f8e720c78bf in ?? () from /lib/x86_64-linux-gnu/libpcre.so.3
#19 0x00007f8e720ed288 in ?? () from /lib/x86_64-linux-gnu/libpcre.so.3
#20 0x00007f8e720c63a9 in pcre_exec () from
/lib/x86_64-linux-gnu/libpcre.so.3
#21 0x00000000004a19ee in DetectPcrePayloadMatch (det_ctx=0x7f8d6c08c0d0,
s=<optimized out>, sm=<optimized out>, p=0x30c57f0, f=0x7f8d08d33f40,
    payload=0x30c5fe2 "_NICKNAME=



linux-vdso.so.1 (0x00007fffa4a00000)
libhtp-0.5.18.so.1 => /opt/suricata-2.0.11/lib/libhtp-0.5.18.so.1
(0x00007fa972000000)
libGeoIP.so.1 => /usr/lib/x86_64-linux-gnu/libGeoIP.so.1
(0x00007fa971dd0000)
libmagic.so.1 => /usr/lib/x86_64-linux-gnu/libmagic.so.1
(0x00007fa971bb0000)
libcap-ng.so.0 => /usr/lib/x86_64-linux-gnu/libcap-ng.so.0
(0x00007fa9719a8000)
libpcap.so.1 => /opt/pfring/lib/libpcap.so.1 (0x00007fa971710000)
libpfring.so => /opt/pfring/lib/libpfring.so (0x00007fa9714b0000)
libnet.so.1 => /usr/lib/x86_64-linux-gnu/libnet.so.1 (0x00007fa971290000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007fa971070000)
libyaml-0.so.2 => /usr/lib/x86_64-linux-gnu/libyaml-0.so.2
(0x00007fa970e50000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007fa970be0000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fa970830000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fa970610000)
/lib64/ld-linux-x86-64.so.2 (0x00007fa972220000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fa970408000)



ii  libpcre-ocaml                    7.0.4-1
 amd64        OCaml bindings for PCRE (runtime)
ii  libpcre3:amd64                   2:8.35-3.3+deb8u2
 amd64        Perl 5 Compatible Regular Expression Library - runtime files
ii  libpcre3-dev:amd64               2:8.35-3.3+deb8u2
 amd64        Perl 5 Compatible Regular Expression Library - development
files
ii  libpcrecpp0:amd64                2:8.35-3.3+deb8u2
 amd64        Perl 5 Compatible Regular Expression Library - C++ runtime
files
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20160328/ef2a35ab/attachment.html>

More information about the Oisf-users mailing list