Comments (13)
hillu
commented on May 22, 2024
Can you reproduce the crash every time, given the same sample and ruleset?
from go-yara.
PimmyTrousers
commented on May 22, 2024
yes I can reproduce it every time and interesting so, its exactly this everytime [signal SIGSEGV: segmentation violation code=0x1 addr=0x2f pc=0xcd3e97]
from go-yara.
hillu
commented on May 22, 2024
Great! Can you strip down the application you deploy using Docker into something I could use for trying to reproduce the issue? Also, I'd need access to the sample. (Putting it into an encrypted ZIP file and attaching it to the issue might work.)
from go-yara.
PimmyTrousers
commented on May 22, 2024
Yup ill create a recreatable dockerfile and post it here!
from go-yara.
PimmyTrousers
commented on May 22, 2024
Hello again! Created a repo to replicate the issue I'm seeing. If you have any questions lemme know https://github.com/PimmyTrousers/DockerYaraMock
from go-yara.
hillu
commented on May 22, 2024
Thanks.
from go-yara.
botherder
commented on May 22, 2024
FWIW, I've been having the same issue (contacted @hillu over email about it).
I am not running the Yara scanner in a docker container, and it also crashes in the same place with a rather large ruleset.
from go-yara.
PimmyTrousers
commented on May 22, 2024
@hillu I believe I have a fix for this. #57
from go-yara.
hillu
commented on May 22, 2024
@PimmyTrousers I believe that your build setup might be to blame for the crash. I noticed that you install libyara-dev which pulls in the libyara3 shared library package. If libyara-dev is replaced by the packages that are needed to build the Debian yara package, the problem goes away.
There are two other things that my PR (PimmyTrousers/DockerYaraMock#1) does:
- Run
ldconfigaftermake installotherwise yarac cannot be run. - Run configure with the same parameters as is done in the Debian
yarapackage; otherwise the ruleset cannot be compiled because it relies on modules that have to be enable explicitly.
Both steps indicate that libyara.so.3 from the distribution was used previously.
from go-yara.
hillu
commented on May 22, 2024
@PimmyTrousers Ping? Can I close this issue?
from go-yara.
PimmyTrousers
commented on May 22, 2024
Yes we can close the issue. You were right. You're fix was correct :) Thanks for the fix!
from go-yara.
botherder
commented on May 22, 2024
@hillu Is there any way to avoid this issue, without either compiling directly on the production server or using a statically linked binary?
Would compiling with the same version as the libyara3 installed on the production server work?
from go-yara.
hillu
commented on May 22, 2024
@botherder Compiling with the same libyara3 version should work.
from go-yara.
Related Issues (20)
- ld: warning: directory not found for option '-L/usr/local/Cellar/yara/4.1.2/lib' HOT 1
- "invalid pointer on stack" panic HOT 5
- Is there a code sample or a tutorial for beginners somewhere? HOT 6
- Error when compiling go-yara HOT 4
- The problem of scanning the file with Chinese filename HOT 14
- using go-yara with my own compiled yara library without crypto HOT 3
- cannot convert file.Fd() (value of type uintptr) to type _Ctype_HANDLE HOT 14
- Module Install fails b/c pkg-config cannot find libcrypto which is needed by yara HOT 3
- Yara getting "lost" during file/process scanning HOT 4
- static build failed: undefined reference to `log2'
- Compiling the Windows 32-bit DLL using Visual C++ HOT 1
- 4.3.0 fails to cross compile on mingw
- Documentation Is Not Clear HOT 3
- There's no way to return an error from MemoryBlockIterator HOT 5
- yr_scanner_scan_file Using mmap is a dangerous operation HOT 9
- Unable to cross compile yara for windows on ubuntu HOT 5
- Is the new tag version expected ? HOT 1
- Shippable binary for OSX HOT 6
- Canβt build yara module statically into executable HOT 2
- cbPool storage exhausted HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from go-yara.