[Bro-Dev] newly found segfaults from metrics framework

Jonathan Siwek jsiwek at ncsa.illinois.edu
Tue Aug 16 07:45:13 PDT 2011

> After I did more work on the metrics framework today I started seeing new segfaults but they appear to derive from memory corruption.  I'm seeing them all over the place now when I load the frameworks/metrics/ssl-example.bro

I was playing some last night with that and think I was seeing the same thing as you running with ssl-example.bro on the 2009-M57-day11-21.trace

Trying to track it down, there was one line in base/protocols/ssl/main.bro that is either directly causing the problem or possibly related.  In the ssl_extension handler:

        c$ssl$server_name = sub_bytes(val, 6, |val|);

Changing that to assign a static dummy string instead made the crashes stop.  What the sub_bytes BIF was doing looked ok -- seems to be confirmed by removing that and directly assigning 'val' to $server_name still causes crashes.

Don't think anything looked wrong about how that 'val' StringVal was being created in the SSL analyzer either, so it seems like it may be clobbered somewhere in between the point that it's created and when the metrics framework wants to use it.  I'll see if I can find out where that is today, but if you see the same thing as above, do you have any ideas?

- Jon

More information about the bro-dev mailing list