[Bro-Dev] [JIRA] (BIT-1268) Crash when tracing script execution (invalid argument to script method?)

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Fri Oct 3 07:42:07 PDT 2014


     [ https://bro-tracker.atlassian.net/browse/BIT-1268?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Siwek updated BIT-1268:
---------------------------
    Fix Version/s: 2.4

> Crash when tracing script execution (invalid argument to script method?)
> ------------------------------------------------------------------------
>
>                 Key: BIT-1268
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1268
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.3
>         Environment: $ uname -a
> Linux linux-xq75.site 3.16.3-1.gd2bbe7f-desktop #1 SMP PREEMPT Thu Sep 18 06:32:16 UTC 2014 (d2bbe7f) x86_64 x86_64 x86_64 GNU/Linux
> $ clang++ -v
> clang version 3.3 (branches/release_33 183898)
> Target: x86_64-suse-linux
> Thread model: posix
>            Reporter: gclark
>             Fix For: 2.4
>
>
> Running the following against a fresh build of 2.3.1 (also reproduced against a copy of the current master):
> /usr/bro-2.3.1/bin/bro -r ~/Code/bro/testing/btest/Traces/dhcp/dhcp_inform.trace -t /tmp/trace.out
> generates a segmentation fault.
> Based on the gdb output below, looks like this happens in a call to the dhcp_ack script function.  Also, args->entry[3] is NULL, which seems suspicious to me.
> GDB says:
> (gdb) run -r ~/Code/bro/testing/btest/Traces/dhcp/dhcp_inform.trace -t /tmp/trace.out
> Starting program: /usr/bro-2.3.1/bin/bro -r ~/Code/bro/testing/btest/Traces/dhcp/dhcp_inform.trace -t /tmp/trace.out
> Execution tracing ON.
> Program received signal SIGSEGV, Segmentation fault.
> Func::DescribeDebug (this=<optimized out>, d=0x7fffffffd198, args=0x2dc5090) at /home/clarkg1/Code/bro-2.3.1/src/Func.cc:207
> 207                             (*args)[i]->Describe(d);
> (gdb) bt
> #0  Func::DescribeDebug (this=<optimized out>, d=0x7fffffffd198, args=0x2dc5090) at /home/clarkg1/Code/bro-2.3.1/src/Func.cc:207
> #1  0x00000000005812c2 in BroFunc::Call (this=0xdc4fd0, args=0x2dc5090, parent=0x0) at /home/clarkg1/Code/bro-2.3.1/src/Func.cc:309
> #2  0x000000000055e095 in EventHandler::Call (this=<optimized out>, vl=0x2dc5090, no_remote=<optimized out>) at /home/clarkg1/Code/bro-2.3.1/src/EventHandler.cc:77
> #3  0x000000000053449b in Event::Dispatch (this=0x343f5d0, no_remote=false) at /home/clarkg1/Code/bro-2.3.1/src/Event.h:48
> #4  0x000000000055d73d in EventMgr::Dispatch (this=0xb0e260 <mgr>) at /home/clarkg1/Code/bro-2.3.1/src/Event.cc:105
> #5  0x000000000055d878 in EventMgr::Drain (this=0xb0e260 <mgr>) at /home/clarkg1/Code/bro-2.3.1/src/Event.cc:120
> #6  0x00000000005b6d6b in net_packet_dispatch (t=1374432420.191205, hdr=0x200b0c0, pkt=0x3408570 "\220\261\034\231I)", hdr_size=14, src_ps=0x200b080) at /home/clarkg1/Code/bro-2.3.1/src/Net.cc:347
> #7  0x00000000005c3049 in PktSrc::Process (this=0x200b080) at /home/clarkg1/Code/bro-2.3.1/src/PktSrc.cc:326
> #8  0x00000000005b6f09 in net_run () at /home/clarkg1/Code/bro-2.3.1/src/Net.cc:389
> #9  0x0000000000533343 in main (argc=0, argv=0x7fffffffdcc8) at /home/clarkg1/Code/bro-2.3.1/src/main.cc:1165
> (gdb) frame 1
> #1  0x00000000005812c2 in BroFunc::Call (this=0xdc4fd0, args=0x2dc5090, parent=0x0) at /home/clarkg1/Code/bro-2.3.1/src/Func.cc:309
> 309                     DescribeDebug(&d, args);
> (gdb) print *this
> $1 = {<Func> = {<BroObj> = {<SerialObj> = {_vptr$SerialObj = 0x7f04e0 <vtable for BroFunc+16>, static NEVER = 0, static ALWAYS = 1, static factories = 0xb1b1c0, static names = 0xb1b200, static time_counter = 2758}, in_ser_cache = false, location = 0xdc58f0, 
>       ref_cnt = 3, static suppress_errors = 0}, bodies = std::vector of length 1, capacity 1 = {{stmts = 0x1855130, priority = 0}}, scope = 0x184f870, kind = Func::BRO_FUNC, type = 0xdc5770, name = "dhcp_ack", unique_id = 127, 
>     static unique_ids = {<std::_Vector_base<Func*, std::allocator<Func*> >> = {_M_impl = {<std::allocator<Func*>> = {<__gnu_cxx::new_allocator<Func*>> = {<No data fields>}, <No data fields>}, _M_start = 0x19cde80, _M_finish = 0x19d0190, 
>           _M_end_of_storage = 0x19d1e80}}, <No data fields>}}, static register_type = {<No data fields>}, tid = {id = 15093, static counter = 224901}, frame_size = 8}
> (gdb) print (*args)
> $6 = {<BaseList> = {entry = 0x343f520, chunk_size = 10, max_entries = 10, num_entries = 7}, <No data fields>}
> (gdb) print args->entry[0]
> $7 = (ent) 0x343d310
> (gdb) print args->entry[1]
> $8 = (ent) 0x343f3a0
> (gdb) print args->entry[2]
> $9 = (ent) 0x343f480
> (gdb) print args->entry[3]
> $10 = (ent) 0x0
> (gdb) print args->entry[4]
> $11 = (ent) 0x343cb50
> (gdb) print args->entry[5]
> $12 = (ent) 0x343f4d0
> (gdb) print args->entry[6]
> $13 = (ent) 0x343f430



--
This message was sent by Atlassian JIRA
(v6.4-OD-05-009#64003)
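
The backtrace above stops at a loop that calls `Describe` on every list entry, and the gdb session shows `entry[3]` is null. As an added example (not Bro's code, and not necessarily the change made for 2.4), here is a stand-alone C++ model of such a loop with a null guard. `Val`, `ArgList`, `describe_args`, `null_arg_indices` and `sample_args` are hypothetical names, and the argument values are constructed.

```cpp
// Added illustration, not Bro source code.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for a script-level value that can describe itself.
struct Val {
    std::string text;
    void Describe(std::string& out) const { out += text; }
};

using ArgList = std::vector<const Val*>;

// Indices of entries that were never populated, for reporting.
std::vector<std::size_t> null_arg_indices(const ArgList& args) {
    std::vector<std::size_t> bad;
    for (std::size_t i = 0; i < args.size(); ++i)
        if (args[i] == nullptr) bad.push_back(i);
    return bad;
}

// Guarded version of a describe-every-argument loop: a null entry becomes a
// visible placeholder in the trace line instead of a dereference.
std::string describe_args(const std::string& func, const ArgList& args) {
    std::string out = func + "(";
    for (std::size_t i = 0; i < args.size(); ++i) {
        if (i > 0) out += ", ";
        if (args[i]) args[i]->Describe(out);
        else out += "<null>";
    }
    return out + ")";
}

// Constructed sample: 7 entries with index 3 null, as in the gdb session.
ArgList sample_args() {
    static const Val v[6] = {{"a0"}, {"a1"}, {"a2"}, {"a4"}, {"a5"}, {"a6"}};
    return {&v[0], &v[1], &v[2], nullptr, &v[3], &v[4], &v[5]};
}

int main() {
    const ArgList args = sample_args();
    std::cout << describe_args("dhcp_ack", args) << "\n";
    for (std::size_t i : null_arg_indices(args))
        std::cout << "null argument at index " << i << "\n";
    return 0;
}
```

A guard like this only keeps the trace output from crashing; the null entry still has to be traced back to whatever builds the argument list for the event.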

