Hugal31/yara-rust

Error: misaligned pointer dereference: address must be a multiple of 0x8

Jamba777 opened this issue · 4 comments

Hello!
Can you help me with this error?
Yara version: 0.22.0
Rust compiler version: 1.71.0
With compiler version 1.69.0 all works well.

Full error:
thread 'Pkt-parser-thr' panicked at 'misaligned pointer dereference: address must be a multiple of 0x8 but is 0x7fffd021c2f9', /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/internals/matches.rs:30:30 stack backtrace: 0: 0x5555575766a1 - std::backtrace_rs::backtrace::libunwind::trace::h6aeaf83abc038fe6 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5 1: 0x5555575766a1 - std::backtrace_rs::backtrace::trace_unsynchronized::h4f9875212db0ad97 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5 2: 0x5555575766a1 - std::sys_common::backtrace::_print_fmt::h3f820027e9c39d3b at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys_common/backtrace.rs:65:5 3: 0x5555575766a1 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::hded4932df41373b3 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys_common/backtrace.rs:44:22 4: 0x5555575a368f - core::fmt::rt::Argument::fmt::hc8ead7746b2406d6 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/fmt/rt.rs:138:9 5: 0x5555575a368f - core::fmt::write::hb1cb56105a082ad9 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/fmt/mod.rs:1094:21 6: 0x555557572e91 - std::io::Write::write_fmt::h797fda7085c97e57 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/io/mod.rs:1713:15 7: 0x5555575764b5 - std::sys_common::backtrace::_print::h492d3c92d7400346 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys_common/backtrace.rs:47:5 8: 0x5555575764b5 - std::sys_common::backtrace::print::hf74aa2eef05af215 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys_common/backtrace.rs:34:9 9: 0x555557577b07 - std::panicking::default_hook::{{closure}}::h8cad394227ea3de8 10: 0x5555575778f4 - std::panicking::default_hook::h249cc184fec99a8a at 
/rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:288:9 11: 0x555557577fbc - std::panicking::rust_panic_with_hook::h82ebcd5d5ed2fad4 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:705:13 12: 0x555557577eb7 - std::panicking::begin_panic_handler::{{closure}}::h810bed8ecbe66f1a at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:597:13 13: 0x555557576ad6 - std::sys_common::backtrace::__rust_end_short_backtrace::h1410008071796261 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys_common/backtrace.rs:151:18 14: 0x555557577c02 - rust_begin_unwind at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:593:5 15: 0x555555730213 - core::panicking::panic_fmt::ha0a42a25e0cf258d at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/panicking.rs:67:14 16: 0x55555573046b - core::panicking::panic_misaligned_pointer_dereference::h6f6e2edb4c85575b at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/panicking.rs:174:5 17: 0x555555b505a3 - <yara::internals::matches::MatchIterator as core::iter::traits::iterator::Iterator>::next::hbc2e281f77b3c4f6 at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/internals/matches.rs:30:30 18: 0x555555b4d166 - <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::next::h8e1a93d0591cda4d at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/iter/adapters/map.rs:103:9 19: 0x555555b4b698 - <alloc::vec::Vec<T> as alloc::vec::spec_from_iter_nested::SpecFromIterNested<T,I>>::from_iter::hce12780a07112d9b at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/vec/spec_from_iter_nested.rs:26:32 20: 0x555555b4cfe7 - <alloc::vec::Vec<T> as alloc::vec::spec_from_iter::SpecFromIter<T,I>>::from_iter::ha107e67ac10e4589 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/vec/spec_from_iter.rs:33:9 21: 
0x555555b4ceb4 - <alloc::vec::Vec<T> as core::iter::traits::collect::FromIterator<T>>::from_iter::hb39f9b186a8e8442 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/vec/mod.rs:2711:9 22: 0x555555b4d4d7 - core::iter::traits::iterator::Iterator::collect::h30f3a32900ad6db1 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/iter/traits/iterator.rs:1895:9 23: 0x555555b4d82e - yara::internals::string::<impl core::convert::From<(&yara_sys::bindings::YR_SCAN_CONTEXT,&yara_sys::bindings::YR_STRING)> for yara::string::YrString>::from::hbeb23c41df1e3528 at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/internals/string.rs:55:23 24: 0x555555b4aee5 - yara::internals::rules::<impl core::convert::From<(&yara_sys::bindings::YR_SCAN_CONTEXT,&yara_sys::bindings::YR_RULE)> for yara::rules::Rule>::from::{{closure}}::hb6b1e6dc15c111f0 at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/internals/rules.rs:104:22 25: 0x555555b4aa8f - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &mut F>::call_once::h7c63dba3ad88b3e4 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/ops/function.rs:305:13 26: 0x555555b4d263 - core::option::Option<T>::map::h3fd811b1d562322e at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/option.rs:1075:29 27: 0x555555b4d263 - <core::iter::adapters::map::Map<I,F> as core::iter::traits::iterator::Iterator>::next::hb52184b8e735f6c4 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/iter/adapters/map.rs:103:26 28: 0x555555b4b35d - <alloc::vec::Vec<T> as alloc::vec::spec_from_iter_nested::SpecFromIterNested<T,I>>::from_iter::h6e035bdb3c35f9b9 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/vec/spec_from_iter_nested.rs:26:32 29: 0x555555b4cf5b - <alloc::vec::Vec<T> as alloc::vec::spec_from_iter::SpecFromIter<T,I>>::from_iter::h291876c4463731dc at 
/rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/vec/spec_from_iter.rs:33:9 30: 0x555555b4ce76 - <alloc::vec::Vec<T> as core::iter::traits::collect::FromIterator<T>>::from_iter::h93f4bd9547d9b96b at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/vec/mod.rs:2711:9 31: 0x555555b4d56b - core::iter::traits::iterator::Iterator::collect::hc297dfe062df28f5 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/iter/traits/iterator.rs:1895:9 32: 0x555555b4f029 - yara::internals::rules::<impl core::convert::From<(&yara_sys::bindings::YR_SCAN_CONTEXT,&yara_sys::bindings::YR_RULE)> for yara::rules::Rule>::from::h95ced70c6336d1f7 at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/internals/rules.rs:103:23 33: 0x555555b4dc32 - yara::internals::scan::CallbackMsg::from_yara::h127273845431262b at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/internals/scan.rs:35:30 34: 0x555555b4de81 - yara::internals::scan::scan_callback::he41011a83dfbeef2 at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/internals/scan.rs:295:19 35: 0x7ffff7f98e86 - yr_scanner_scan_mem_blocks 36: 0x7ffff7f968f3 - yr_rules_scan_mem_blocks 37: 0x7ffff7f96bcb - yr_rules_scan_proc 38: 0x555555b4dd69 - yara::internals::scan::rules_scan_proc::ha7b3f62350869abc at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/internals/scan.rs:213:9 39: 0x555555b4f571 - yara::rules::Rules::scan_process_callback::ha28e4899ae7cec72 at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/rules.rs:228:9 40: 0x555555b4f302 - yara::rules::Rules::scan_process::h1069b1d2a2b558e1 at /root/.cargo/registry/src/index.crates.io-6f17d22bba15001f/yara-0.22.0/src/rules.rs:207:9 41: 0x5555559910bc - sensor::services::malware_detector::detector::MalwareDetector::scan_exec_files_of_processes::{{closure}}::{{closure}}::h6e7614e77d633740 at 
/root/prjct/node-agent/sensor/src/services/malware_detector/detector.rs:139:53 42: 0x555555769656 - utils::time::measure_execution_time::h61733dae9ac30b6d at /root/prjct/node-agent/utils/src/time.rs:17:15 43: 0x555555990124 - sensor::services::malware_detector::detector::MalwareDetector::scan_exec_files_of_processes::{{closure}}::h36bdd7f973339340 at /root/prjct/node-agent/sensor/src/services/malware_detector/detector.rs:139:21 44: 0x5555557697c8 - utils::time::measure_execution_time::h8c5989c76824e062 at /root/prjct/node-agent/utils/src/time.rs:17:15 45: 0x555555796198 - sensor::services::malware_detector::detector::MalwareDetector::scan_exec_files_of_processes::h5b0b90d9f7e22991 at /root/prjct/node-agent/sensor/src/services/malware_detector/detector.rs:124:30 46: 0x55555598fa92 - sensor::services::malware_detector::detector::MalwareDetector::start::{{closure}}::h59f00f50d898c45f at /root/prjct/node-agent/sensor/src/services/malware_detector/detector.rs:98:21 47: 0x5555558d399e - core::ops::function::FnOnce::call_once::h68c9d0292bf91b5c at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/ops/function.rs:250:5 48: 0x555555a2cdb9 - std::sys_common::backtrace::__rust_begin_short_backtrace::hdb991c49a6c79af0 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys_common/backtrace.rs:135:18 49: 0x5555559e6373 - std::thread::Builder::spawn_unchecked_::{{closure}}::{{closure}}::h8792ca43e4962bff at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/thread/mod.rs:529:17 50: 0x555555ab8483 - <core::panic::unwind_safe::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::haf282a1d93ee1a57 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/panic/unwind_safe.rs:271:9 51: 0x555555a6893b - std::panicking::try::do_call::h7f97d2fc64896e95 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:500:40 52: 0x555555a7704b - __rust_try 53: 0x555555a623a8 - 
std::panicking::try::hb6eab239e5d60e8f [2023-10-31T17:06:25Z WARN sensor::clients::ml_unix_server_client::client] Parquet packet has not sent. Context: Connection refused (os error 111) at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panicking.rs:464:19 54: 0x5555559e58d3 - std::panic::catch_unwind::hd05b75238b8a6bd7 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/panic.rs:142:14 55: 0x5555559e58d3 - std::thread::Builder::spawn_unchecked_::{{closure}}::h28513d3def5eaad5 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/thread/mod.rs:528:30 56: 0x5555558d112e - core::ops::function::FnOnce::call_once{{vtable.shim}}::h1c9c8dae5019dbdd at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/core/src/ops/function.rs:250:5 57: 0x55555757d3e5 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::h9adfc2ae43657457 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/boxed.rs:1985:9 58: 0x55555757d3e5 - <alloc::boxed::Box<F,A> as core::ops::function::FnOnce<Args>>::call_once::h14fefbfa7b574396 at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/alloc/src/boxed.rs:1985:9 59: 0x55555757d3e5 - std::sys::unix::thread::Thread::new::thread_start::ha211bb47f6f5cedc at /rustc/8ede3aae28fe6e4d52b38157d7bfe0d3bceef225/library/std/src/sys/unix/thread.rs:108:17 60: 0x7ffff777bac3 - start_thread at ./nptl/pthread_create.c:442:8 61: 0x7ffff780da40 - clone3 at ./misc/../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 62: 0x0 - <unknown>

Hi,

This looks a lot like #112. Can you provide:

  • A description of your system (OS and version).
  • Which yara-rust version you are using
  • Which feature flags do you use and how do you link with Yara. If you don't use the vendored feature flag, what is the version of Yara?
  • If possible some code that triggers the bug.
  1. Ubuntu 22.04.2 LTS
  2. 0.22.0
  3. No feature flags, just yara = "0.21.0"

let (ruleset_alerts, verify_time) = time::measure_execution_time(|| ruleset.scan_process(exec_file_data.pid, SCAN_APP_TIMEOUT));

Important! With compiler version 1.69 everything works well. When I switch to version 1.71.0+, I get this issue.

Which version of yara (not yara-rust, yeah it's confusing) are you using?

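Ubuntu 22.04's libyara-dev is Yara 4.1.3, which indeed has this memory alignment bug. It only surfaces as a panic on newer compilers because Rust 1.70 started inserting alignment checks on pointer dereferences when debug assertions are enabled; with 1.69, or in a release build, the same misaligned read still happens but goes unreported, so pinning the compiler only hides it. The bug is fixed in Yara >= 4.3, so you can either: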

  • Install libyara-dev 4.3 by yourself
  • Use the vendored feature flag.

Thanks, resolved !