[Snort-devel] Re: bug/memory leak in rules.c
cmg at ...402...
Wed Aug 7 09:11:06 EDT 2002
Jonathan <rakocy at ...1503...> writes:
> Hi, I wrote about two weeks about complaining about a bug. Snort would
> die approximately every day and a half. I was able to look at
> the core with gdb and found a segmentation fault.
Do you have backtraces? I may have missed it. I apologize. I could
use about 5 more eye balls and arms :)
> After looking into it further, we found that snort (the computer) was
> running out of memory. After more hours of frustration, we compiled snort on
> solaris and took advantage of some school software, purify, which found a
> memory leak in rules.c. The biggest problems were found in the
> function ParseRuleOptions were toks and opts would only be partially
> freed or not freed at all. We fixed as much as we could in rules.c.
Yes, this is ugly and its being redone for 1.9. That's all static data
> This is from an ~1.5M tcpdump file.
> old: Memory leaked: 554613 bytes (14.6%); potentially leaked: 1098
> bytes (0.0289%)
> new: Memory leaked: 24673 bytes (0.762%); potentially leaked: 160 bytes
> There is still a few small problems (AllocAddrNode [rules.c:2275] and
> uninitialized memory reads) but as you can see there is a big difference.
> Snort has been running solidly since I recompiled.
> Where can I send a diff file, code and anything else to?
Me. Use diff -Nur snort-1.9.orig snort-1.9-patched . Is the patch
against current CVS?
Chris Green <cmg at ...402...>
"Yeah, but you're taking the universe out of context."
More information about the Snort-devel