[Bro-Dev] [JIRA] (BIT-1425) BroString::Set() Attempts Allocation of Negative-Length Memory

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Mon Aug 31 10:47:00 PDT 2015

     [ https://bro-tracker.atlassian.net/browse/BIT-1425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robin Sommer updated BIT-1425:
    Resolution: Fixed
        Status: Closed  (was: Open)

> BroString::Set() Attempts Allocation of Negative-Length Memory
> --------------------------------------------------------------
>                 Key: BIT-1425
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1425
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.3, 2.4
>         Environment: Linux Mint 17.1 (Ubuntu 14.04) on bare metal and in a VirtualBox VM.
> Mac OS X 10.10.3
>            Reporter: Jonathan Ganz
>            Assignee: Robin Sommer
>              Labels: analyzer
>             Fix For: 2.5
>         Attachments: backtrace.log, lbl-internal.20041215-1142.port004.dump.anon, memory_trace.log, negativeMemory.bro
> When the tcp_packet() event is used, Bro may attempt to allocate memory that is negative in length (i.e. -6 bytes). Bro crashes with the following output:
> tcmalloc: large alloc 0 bytes == (nil) @  0x7f6abeaefc73 0x7f6abeb111c3 0x765e81 0x765b24 0x872562 0xaddc2f 0xaded94 0xb7aeca 0x775180 0x84105b 0x83f5c0 0x83f39d 0x7fb1bc 0xb3cde6 0x7fb3d9 0x750e98 0x7f6abdaf4ec5 0x72e553 (nil)
> out of memory in new.
> 1103139821.634774 fatal error: out of memory in new.
> The attached pcap file and bro script cause such a crash when run with the following command:
> /usr/local/bro/bin/bro -r lbl-internal.20041215-1142.port004.dump.anon /usr/local/bro/share/bro/site/negativeMemory.bro
> A core file is not being generated for me, despite following the directions for reporting problems (https://www.bro.org/support/reporting-problems.html#getting-more-information-after-acrash). The file named memory_trace.log shows an alternatively formatted traceback of the stack when the error occurs.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list