[Bro-Dev] reproducible segfault in master branch
Michael Dopheide
dopheide at es.net
Wed Aug 15 09:39:52 PDT 2018
Excellent, thanks Jon!
-Dop
On Wed, Aug 15, 2018 at 11:18 AM, Jon Siwek <jsiwek at corelight.com> wrote:
> On Tue, Aug 14, 2018 at 10:26 PM Michael Dopheide <dopheide at es.net> wrote:
> >
> > Somehow related to Broker stores and/or casting.
>
> You'll get a better error message/behavior now using:
>
> https://github.com/bro/bro/commit/f336c8c710bdeb41eb0aba88967ee90da24848b2
>
> But ultimately, you likely want to do something like this patch:
>
> ```
> --- known-hosts-with-dns.bro.orig 2018-08-15 11:07:41.000000000 -0500
> +++ known-hosts-with-dns.bro 2018-08-15 10:44:03.000000000 -0500
> @@ -113,7 +113,7 @@
> for (ip in r$result as addr_set){
> when ( local res = Broker::get(Known::host_store$store,ip)){
>
> - if(res?$result){
> + if(res$status == Broker::SUCCESS){
> @if ( ! Cluster::is_enabled() )
> Known::hosts[ip] = fmt("%s",res$result as string);
> @else
> ```
>
> As for why some keys no longer exist in those lookups immediately
> after retrieving the full key set: my guess is they simply expired
> between those two points in time, but I didn't dig into it. The main
> point would be to never assume the Broker::get() call succeeds, which
> was likely your intent, except "res?$result" is always true (another
> form of checking the data exists would be "res$result?$data").
>
> - Jon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20180815/1ac4f8cb/attachment.html
More information about the bro-dev
mailing list