[Bro-Dev] #813: Problem with libmagic in file analyzer

Bro Tracker bro at tracker.bro-ids.org
Sat Apr 21 11:24:22 PDT 2012


#813: Problem with libmagic in file analyzer
---------------------+------------------------
 Reporter:  seth     |      Owner:
     Type:  Problem  |     Status:  new
 Priority:  Normal   |  Milestone:  Bro2.1
Component:  Bro      |    Version:  git/master
 Keywords:           |
---------------------+------------------------
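 This is current master running on an FTP trace.  It seems that when
 something is transferred over a data channel and the file analyzer tries
 to load libmagic, the load fails: the process aborts inside tcmalloc's
 free path, reached from magic_getpath() during magic_load() (frames #3
 to #8 in the backtrace below).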

 {{{
 (gdb) bt
 #0  0x00007fff8b6dbce2 in __pthread_kill ()
 #1  0x00007fff977d87d2 in pthread_kill ()
 #2  0x00007fff977c9a7a in abort ()
 #3  0x00000001006ef9c3 in TCMalloc_CRASH_internal ()
 #4  0x00000001006efa62 in TCMalloc_CrashReporter::PrintfAndDie ()
 #5  0x00000001006e8753 in (anonymous namespace)::do_free_with_callback ()
 #6  0x000000010018c1e9 in magic_getpath () at MsgThread.h:352
 #7  0x000000010018ca97 in file_apprentice () at MsgThread.h:352
 #8  0x000000010018c34b in magic_load () at MsgThread.h:352
 #9  0x00000001000bb51c in File_Analyzer::InitMagic (magic=0x1002a22a8,
 flags=3595) at FileAnalyzer.cc:72
 #10 0x00000001000bb71f in File_Analyzer::File_Analyzer (this=0x101df8a00,
 conn=0x0) at FileAnalyzer.cc:16
 #11 0x000000010005a2c2 in File_Analyzer::InstantiateAnalyzer (conn=0x6) at
 FileAnalyzer.h:19
 #12 0x00000001000588b7 in Analyzer::InstantiateAnalyzer (tag=3595,
 c=0xe0b) at Analyzer.cc:197
 #13 0x000000010008dcda in DPM::BuildInitialAnalyzerTree (this=0x1009d5000,
 proto=TRANSPORT_TCP, conn=0x101da58c0, data=0x7fff5fbfe698 "҇}??") at
 DPM.cc:208
 #14 0x0000000100145675 in Connection::IsExternal () at
 /Users/seth/bro/bro.work8/src/Conn.h:1063
 #15 0x0000000100145675 in NetSessions::NewConn (this=0x7fff5fbfef50,
 k=0x7fff5fbfef50, t=6.9532229756608527e-310, data=0x7fff5fbfef50 "??_?",
 proto=2090397624) at Sessions.cc:1065
 #16 0x0000000100146d72 in NetSessions::DoNextPacket (this=0x7fff5fbff090,
 t=6.9532229756766628e-310, hdr=0x101e262e0, ip_hdr=0x0, pkt=0x7fff5fbff090
 "??_?", hdr_size=2090397624) at Sessions.cc:605
 #17 0x00000001001476b0 in IP_Hdr::~IP_Hdr () at
 /Users/seth/bro/bro.work8/src/IP.h:291
 #18 0x00000001001476b0 in NetSessions::NextPacket (this=0x1009d6c00,
 t=6.9532229756916824e-310, hdr=0x1009d6440, pkt=0x10100f200
 "?0bHŵ?,\003;l???`", hdr_size=14, pkt_elem=0x7fff5fbff0b0) at
 Sessions.cc:291
 #19 0x0000000100107c39 in net_packet_dispatch (t=6.9532229756956349e-310,
 hdr=0x1009d6440, pkt=0x10100f200 "?0bHŵ?,\003;l???`", hdr_size=1606414864,
 src_ps=0x1009d6400, pkt_elem=0x7fff5fbff210) at Net.cc:352
 #20 0x0000000100117638 in PktSrc::Process (this=0x1009d6c00) at
 PktSrc.cc:273
 #21 0x0000000100107e31 in net_run () at Net.cc:445
 #22 0x00000001000525c8 in main (argc=2761576, argv=0x1002a2368) at
 main.cc:1034
 }}}

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/813>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker


