[Bro-Dev] [JIRA] (BIT-1268) Crash when tracing output

gclark (JIRA) jira at bro-tracker.atlassian.net
Thu Oct 2 20:28:07 PDT 2014


gclark created BIT-1268:
---------------------------

             Summary: Crash when tracing output
                 Key: BIT-1268
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1268
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: Bro
    Affects Versions: 2.3
         Environment: $ uname -a
Linux linux-xq75.site 3.16.3-1.gd2bbe7f-desktop #1 SMP PREEMPT Thu Sep 18 06:32:16 UTC 2014 (d2bbe7f) x86_64 x86_64 x86_64 GNU/Linux
$ clang++ -v
clang version 3.3 (branches/release_33 183898)
Target: x86_64-suse-linux
Thread model: posix
            Reporter: gclark


Running the following against a fresh build of 2.3.1 (also reproduced against a copy of the current master):

/usr/bro-2.3.1/bin/bro -r ~/Code/bro/testing/btest/Traces/dhcp/dhcp_inform.trace -t /tmp/trace.out

generates a segmentation fault.

Based on the gdb output below, looks like this happens in a call to the dhcp_ack script function.  Also, args->entry[3] is NULL, which seems suspicious to me.

GDB says:

(gdb) run -r ~/Code/bro/testing/btest/Traces/dhcp/dhcp_inform.trace -t /tmp/trace.out
Starting program: /usr/bro-2.3.1/bin/bro -r ~/Code/bro/testing/btest/Traces/dhcp/dhcp_inform.trace -t /tmp/trace.out
Execution tracing ON.

Program received signal SIGSEGV, Segmentation fault.
Func::DescribeDebug (this=<optimized out>, d=0x7fffffffd198, args=0x2dc5090) at /home/clarkg1/Code/bro-2.3.1/src/Func.cc:207
207                             (*args)[i]->Describe(d);
(gdb) bt
#0  Func::DescribeDebug (this=<optimized out>, d=0x7fffffffd198, args=0x2dc5090) at /home/clarkg1/Code/bro-2.3.1/src/Func.cc:207
#1  0x00000000005812c2 in BroFunc::Call (this=0xdc4fd0, args=0x2dc5090, parent=0x0) at /home/clarkg1/Code/bro-2.3.1/src/Func.cc:309
#2  0x000000000055e095 in EventHandler::Call (this=<optimized out>, vl=0x2dc5090, no_remote=<optimized out>) at /home/clarkg1/Code/bro-2.3.1/src/EventHandler.cc:77
#3  0x000000000053449b in Event::Dispatch (this=0x343f5d0, no_remote=false) at /home/clarkg1/Code/bro-2.3.1/src/Event.h:48
#4  0x000000000055d73d in EventMgr::Dispatch (this=0xb0e260 <mgr>) at /home/clarkg1/Code/bro-2.3.1/src/Event.cc:105
#5  0x000000000055d878 in EventMgr::Drain (this=0xb0e260 <mgr>) at /home/clarkg1/Code/bro-2.3.1/src/Event.cc:120
#6  0x00000000005b6d6b in net_packet_dispatch (t=1374432420.191205, hdr=0x200b0c0, pkt=0x3408570 "\220\261\034\231I)", hdr_size=14, src_ps=0x200b080) at /home/clarkg1/Code/bro-2.3.1/src/Net.cc:347
#7  0x00000000005c3049 in PktSrc::Process (this=0x200b080) at /home/clarkg1/Code/bro-2.3.1/src/PktSrc.cc:326
#8  0x00000000005b6f09 in net_run () at /home/clarkg1/Code/bro-2.3.1/src/Net.cc:389
#9  0x0000000000533343 in main (argc=0, argv=0x7fffffffdcc8) at /home/clarkg1/Code/bro-2.3.1/src/main.cc:1165
(gdb) frame 1
#1  0x00000000005812c2 in BroFunc::Call (this=0xdc4fd0, args=0x2dc5090, parent=0x0) at /home/clarkg1/Code/bro-2.3.1/src/Func.cc:309
309                     DescribeDebug(&d, args);
(gdb) print *this
$1 = {<Func> = {<BroObj> = {<SerialObj> = {_vptr$SerialObj = 0x7f04e0 <vtable for BroFunc+16>, static NEVER = 0, static ALWAYS = 1, static factories = 0xb1b1c0, static names = 0xb1b200, static time_counter = 2758}, in_ser_cache = false, location = 0xdc58f0, 
      ref_cnt = 3, static suppress_errors = 0}, bodies = std::vector of length 1, capacity 1 = {{stmts = 0x1855130, priority = 0}}, scope = 0x184f870, kind = Func::BRO_FUNC, type = 0xdc5770, name = "dhcp_ack", unique_id = 127, 
    static unique_ids = {<std::_Vector_base<Func*, std::allocator<Func*> >> = {_M_impl = {<std::allocator<Func*>> = {<__gnu_cxx::new_allocator<Func*>> = {<No data fields>}, <No data fields>}, _M_start = 0x19cde80, _M_finish = 0x19d0190, 
          _M_end_of_storage = 0x19d1e80}}, <No data fields>}}, static register_type = {<No data fields>}, tid = {id = 15093, static counter = 224901}, frame_size = 8}

(gdb) print (*args)
$6 = {<BaseList> = {entry = 0x343f520, chunk_size = 10, max_entries = 10, num_entries = 7}, <No data fields>}
(gdb) print args->entry[0]
$7 = (ent) 0x343d310
(gdb) print args->entry[1]
$8 = (ent) 0x343f3a0
(gdb) print args->entry[2]
$9 = (ent) 0x343f480
(gdb) print args->entry[3]
$10 = (ent) 0x0
(gdb) print args->entry[4]
$11 = (ent) 0x343cb50
(gdb) print args->entry[5]
$12 = (ent) 0x343f4d0
(gdb) print args->entry[6]
$13 = (ent) 0x343f430




--
This message was sent by Atlassian JIRA
(v6.4-OD-05-009#64003)
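
Added example, not part of the original report and not Bro's own code: a stand-alone C++ model of the argument-describing loop that faulted at Func.cc:207, with a null check so that a NULL list entry (entry[3] of 7 in the gdb output above) is rendered as a placeholder and reported instead of being dereferenced. The Val and ValList types, the describe_call and describe_sample names, the "<null>" placeholder and the output format are assumptions made for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for a script value; not Bro's Val class.
struct Val {
    std::string text;
    void Describe(std::string* d) const { d->append(text); }
};

// Hypothetical stand-in for the list printed as BaseList in the gdb output.
using ValList = std::vector<const Val*>;

// Describe a call for trace output. Unlike the faulting line
// "(*args)[i]->Describe(d);", each entry is checked before use: a null
// entry becomes "<null>" and its index is recorded for the caller.
std::string describe_call(const std::string& name, const ValList* args,
                          std::vector<std::size_t>* null_slots) {
    std::string d = name + "(";
    for (std::size_t i = 0; args && i < args->size(); ++i) {
        if (i > 0)
            d += ", ";
        if (const Val* v = (*args)[i]) {
            v->Describe(&d);
        } else {
            d += "<null>";
            if (null_slots)
                null_slots->push_back(i);
        }
    }
    return d + ")";
}

// Constructed sample shaped like the gdb dump: 7 entries, entry[3] null.
std::string describe_sample(std::vector<std::size_t>* null_slots) {
    static const Val v[] = {{"v0"}, {"v1"}, {"v2"}, {"v4"}, {"v5"}, {"v6"}};
    const ValList args = {&v[0], &v[1], &v[2], nullptr, &v[3], &v[4], &v[5]};
    return describe_call("dhcp_ack", &args, null_slots);
}

int main() {
    std::vector<std::size_t> nulls;
    std::cout << describe_sample(&nulls) << "\n";
    for (std::size_t i : nulls)
        std::cerr << "warning: argument " << i << " is null\n";
    return 0;
}
```

Recording the index of each null entry keeps the trace usable and points at which event argument the caller failed to populate.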