osquery memcheck

gistfile1.txt

ubuntu@ip-10-0-0-15 ~/osquery sudo valgrind --tool=memcheck --track-origins=yes osqueryd 
==15362== Memcheck, a memory error detector
==15362== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==15362== Using Valgrind-3.10.0.SVN and LibVEX; rerun with -h for copyright info
==15362== Command: osqueryd
==15362== 
I1030 22:47:34.823153 15362 daemon.cpp:25] Listing all plugins
I1030 22:47:34.917042 15362 daemon.cpp:27] Logger plugins:
I1030 22:47:34.921547 15362 daemon.cpp:29]   - filesystem
I1030 22:47:34.923684 15362 daemon.cpp:29]   - glog
I1030 22:47:34.924487 15362 daemon.cpp:32] Config plugins:
I1030 22:47:34.928673 15362 daemon.cpp:34]   - filesystem
I1030 22:47:34.931170 15362 daemon.cpp:37] Event Types:
I1030 22:47:34.935333 15362 daemon.cpp:39]   - INotifyEventPublisher
I1030 22:47:34.937813 15362 daemon.cpp:42] Event Modules:
I1030 22:47:34.941954 15362 daemon.cpp:44]   - PasswdChangesEventSubscriber
I1030 22:47:35.427763 15364 scheduler.cpp:60] osquery::initializeScheduler
I1030 22:47:36.477522 15364 scheduler.cpp:20] launchQueries: 35
I1030 22:47:37.485864 15364 scheduler.cpp:20] launchQueries: 36
I1030 22:47:37.487005 15364 scheduler.cpp:23] executing query: SELECT port.local_port, port.remote_port, port.local_ip, port.remote_ip, socket.pid, process.name, process.cmdline, process.path FROM socket_inode AS socket JOIN port_inode AS port ON socket.inode = port.inode INNER JOIN processes AS process ON socket.pid = process.pid;
==15362== Thread 3:
==15362== Conditional jump or move depends on uninitialised value(s)
==15362==    at 0x5558A48: std::string::find(char const*, unsigned long, unsigned long) const (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==15362==    by 0x80D9D2: osquery::tables::crawl_proc(std::vector<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >, std::allocator<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > > >&) (in /usr/local/bin/osqueryd)
==15362==    by 0x80E041: osquery::tables::genSocketInode() (in /usr/local/bin/osqueryd)
==15362==    by 0x77FCA0: osquery::tables::socketInodeFilter(sqlite3_vtab_cursor*, int, char const*, int, Mem**) (in /usr/local/bin/osqueryd)
==15362==    by 0x70A9D0: sqlite3VdbeExec (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFA61: sqlite3Step (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFC53: sqlite3_step (in /usr/local/bin/osqueryd)
==15362==    by 0x730734: sqlite3_exec (in /usr/local/bin/osqueryd)
==15362==    by 0x7B52B0: osquery::query(std::string const&, int&, sqlite3*) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B5222: osquery::query(std::string const&, int&) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B1582: osquery::SQL::SQL(std::string const&) (in /usr/local/bin/osqueryd)
==15362==    by 0x808C2A: osquery::launchQueries(std::vector<osquery::OsqueryScheduledQuery, std::allocator<osquery::OsqueryScheduledQuery> > const&, long const&) (in /usr/local/bin/osqueryd)
==15362==  Uninitialised value was created by a heap allocation
==15362==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15362==    by 0x80D905: osquery::tables::crawl_proc(std::vector<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >, std::allocator<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > > >&) (in /usr/local/bin/osqueryd)
==15362==    by 0x80E041: osquery::tables::genSocketInode() (in /usr/local/bin/osqueryd)
==15362==    by 0x77FCA0: osquery::tables::socketInodeFilter(sqlite3_vtab_cursor*, int, char const*, int, Mem**) (in /usr/local/bin/osqueryd)
==15362==    by 0x70A9D0: sqlite3VdbeExec (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFA61: sqlite3Step (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFC53: sqlite3_step (in /usr/local/bin/osqueryd)
==15362==    by 0x730734: sqlite3_exec (in /usr/local/bin/osqueryd)
==15362==    by 0x7B52B0: osquery::query(std::string const&, int&, sqlite3*) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B5222: osquery::query(std::string const&, int&) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B1582: osquery::SQL::SQL(std::string const&) (in /usr/local/bin/osqueryd)
==15362==    by 0x808C2A: osquery::launchQueries(std::vector<osquery::OsqueryScheduledQuery, std::allocator<osquery::OsqueryScheduledQuery> > const&, long const&) (in /usr/local/bin/osqueryd)
==15362== 
I1030 22:47:57.244665 15364 scheduler.cpp:20] launchQueries: 37
I1030 22:47:58.245656 15364 scheduler.cpp:20] launchQueries: 38
I1030 22:47:58.246286 15364 scheduler.cpp:23] executing query: SELECT port.local_port, port.remote_port, port.local_ip, port.remote_ip, socket.pid, process.name, process.cmdline, process.path FROM socket_inode AS socket JOIN port_inode AS port ON socket.inode = port.inode INNER JOIN processes AS process ON socket.pid = process.pid;
==15362== Conditional jump or move depends on uninitialised value(s)
==15362==    at 0x4C30C11: __memcmp_sse4_1 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15362==    by 0x5558A59: std::string::find(char const*, unsigned long, unsigned long) const (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==15362==    by 0x80D9D2: osquery::tables::crawl_proc(std::vector<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >, std::allocator<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > > >&) (in /usr/local/bin/osqueryd)
==15362==    by 0x80E041: osquery::tables::genSocketInode() (in /usr/local/bin/osqueryd)
==15362==    by 0x77FCA0: osquery::tables::socketInodeFilter(sqlite3_vtab_cursor*, int, char const*, int, Mem**) (in /usr/local/bin/osqueryd)
==15362==    by 0x70A9D0: sqlite3VdbeExec (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFA61: sqlite3Step (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFC53: sqlite3_step (in /usr/local/bin/osqueryd)
==15362==    by 0x730734: sqlite3_exec (in /usr/local/bin/osqueryd)
==15362==    by 0x7B52B0: osquery::query(std::string const&, int&, sqlite3*) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B5222: osquery::query(std::string const&, int&) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B1582: osquery::SQL::SQL(std::string const&) (in /usr/local/bin/osqueryd)
==15362==  Uninitialised value was created by a heap allocation
==15362==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15362==    by 0x80D905: osquery::tables::crawl_proc(std::vector<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >, std::allocator<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > > >&) (in /usr/local/bin/osqueryd)
==15362==    by 0x80E041: osquery::tables::genSocketInode() (in /usr/local/bin/osqueryd)
==15362==    by 0x77FCA0: osquery::tables::socketInodeFilter(sqlite3_vtab_cursor*, int, char const*, int, Mem**) (in /usr/local/bin/osqueryd)
==15362==    by 0x70A9D0: sqlite3VdbeExec (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFA61: sqlite3Step (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFC53: sqlite3_step (in /usr/local/bin/osqueryd)
==15362==    by 0x730734: sqlite3_exec (in /usr/local/bin/osqueryd)
==15362==    by 0x7B52B0: osquery::query(std::string const&, int&, sqlite3*) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B5222: osquery::query(std::string const&, int&) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B1582: osquery::SQL::SQL(std::string const&) (in /usr/local/bin/osqueryd)
==15362==    by 0x808C2A: osquery::launchQueries(std::vector<osquery::OsqueryScheduledQuery, std::allocator<osquery::OsqueryScheduledQuery> > const&, long const&) (in /usr/local/bin/osqueryd)
==15362== 
==15362== Conditional jump or move depends on uninitialised value(s)
==15362==    at 0x5558A5C: std::string::find(char const*, unsigned long, unsigned long) const (in /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.19)
==15362==    by 0x80D9D2: osquery::tables::crawl_proc(std::vector<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >, std::allocator<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > > >&) (in /usr/local/bin/osqueryd)
==15362==    by 0x80E041: osquery::tables::genSocketInode() (in /usr/local/bin/osqueryd)
==15362==    by 0x77FCA0: osquery::tables::socketInodeFilter(sqlite3_vtab_cursor*, int, char const*, int, Mem**) (in /usr/local/bin/osqueryd)
==15362==    by 0x70A9D0: sqlite3VdbeExec (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFA61: sqlite3Step (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFC53: sqlite3_step (in /usr/local/bin/osqueryd)
==15362==    by 0x730734: sqlite3_exec (in /usr/local/bin/osqueryd)
==15362==    by 0x7B52B0: osquery::query(std::string const&, int&, sqlite3*) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B5222: osquery::query(std::string const&, int&) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B1582: osquery::SQL::SQL(std::string const&) (in /usr/local/bin/osqueryd)
==15362==    by 0x808C2A: osquery::launchQueries(std::vector<osquery::OsqueryScheduledQuery, std::allocator<osquery::OsqueryScheduledQuery> > const&, long const&) (in /usr/local/bin/osqueryd)
==15362==  Uninitialised value was created by a heap allocation
==15362==    at 0x4C2AB80: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==15362==    by 0x80D905: osquery::tables::crawl_proc(std::vector<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > >, std::allocator<std::map<std::string, std::string, std::less<std::string>, std::allocator<std::pair<std::string const, std::string> > > > >&) (in /usr/local/bin/osqueryd)
==15362==    by 0x80E041: osquery::tables::genSocketInode() (in /usr/local/bin/osqueryd)
==15362==    by 0x77FCA0: osquery::tables::socketInodeFilter(sqlite3_vtab_cursor*, int, char const*, int, Mem**) (in /usr/local/bin/osqueryd)
==15362==    by 0x70A9D0: sqlite3VdbeExec (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFA61: sqlite3Step (in /usr/local/bin/osqueryd)
==15362==    by 0x6FFC53: sqlite3_step (in /usr/local/bin/osqueryd)
==15362==    by 0x730734: sqlite3_exec (in /usr/local/bin/osqueryd)
==15362==    by 0x7B52B0: osquery::query(std::string const&, int&, sqlite3*) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B5222: osquery::query(std::string const&, int&) (in /usr/local/bin/osqueryd)
==15362==    by 0x7B1582: osquery::SQL::SQL(std::string const&) (in /usr/local/bin/osqueryd)
==15362==    by 0x808C2A: osquery::launchQueries(std::vector<osquery::OsqueryScheduledQuery, std::allocator<osquery::OsqueryScheduledQuery> > const&, long const&) (in /usr/local/bin/osqueryd)
==15362== 
^C==15362== 
==15362== HEAP SUMMARY:
==15362==     in use at exit: 1,413,885 bytes in 10,959 blocks
==15362==   total heap usage: 407,451 allocs, 396,492 frees, 90,624,306 bytes allocated
==15362== 
==15362== LEAK SUMMARY:
==15362==    definitely lost: 18,306 bytes in 4,084 blocks
==15362==    indirectly lost: 0 bytes in 0 blocks
==15362==      possibly lost: 344,355 bytes in 4,948 blocks
==15362==    still reachable: 1,051,224 bytes in 1,927 blocks
==15362==         suppressed: 0 bytes in 0 blocks
==15362== Rerun with --leak-check=full to see details of leaked memory
==15362== 
==15362== For counts of detected and suppressed errors, rerun with: -v
==15362== ERROR SUMMARY: 7156 errors from 3 contexts (suppressed: 0 from 0)