Bro signatures parse error?

wangliejun wangliejun at nsfocus.com
Fri Sep 19 01:13:57 PDT 2003 

On Wed, 17 Sep 2003 04:17:54 +0200
Robin Sommer <robin at icir.org> wrote:

> 
> On Tue, Sep 16, 2003 at 22:14 +0800, you wrote:
> 
> > option, Bro core dumps, it seems a problem in the code of printing debug
> > infomation.
> 
> I cannot reproduce this here. Could you send me stack backtrace
> generated from the core dump?
> 
[root@ /usr/local/sbin]> gdb -c bro.core -s bro
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `bro'.
Program terminated with signal 11, Segmentation fault.
#0  0x282aa022 in ?? ()
(gdb) bt
#0  0x282aa022 in ?? ()
#1  0x282a8e1d in ?? ()
#2  0x282a915a in ?? ()
#3  0x282a8d59 in ?? ()
#4  0x80e6999 in RuleMatcher::PrintTreeDebug ()
#5  0x80e693e in RuleMatcher::PrintDebug ()
#6  0x804c6df in main ()
#7  0x804b211 in _start ()
(gdb) i f 4
Stack frame at 0xbfbff8c0:
 eip = 0x80e6999 in RuleMatcher::PrintTreeDebug(RuleHdrTest *); saved eip 0x80e693e
Cannot access memory at address 0x80e6948.
(gdb) i f 3
Stack frame at 0xbfbff880:
 eip = 0x282a8d59; saved eip 0x80e6999
 called by frame at 0xbfbff8c0, caller of frame at 0xbfbff850
 Arglist at 0xbfbff880, args:
 Locals at 0xbfbff880, Previous frame's sp is 0x0
 Saved registers:
  ebp at 0xbfbff880, eip at 0xbfbff884
(gdb) i f 2
Stack frame at 0xbfbff850:
 eip = 0x282a915a; saved eip 0x282a8d59
 called by frame at 0xbfbff880, caller of frame at 0xbfbff5e0
 Arglist at 0xbfbff850, args:
 Locals at 0xbfbff850, Previous frame's sp is 0x0
 Saved registers:
  ebp at 0xbfbff850, eip at 0xbfbff854
(gdb) i r
eax            0x0      0
ecx            0xffffffff       -1
edx            0x282a9f74       673881972
ebx            0x282bc664       673957476
esp            0xbfbfeef8       0xbfbfeef8
ebp            0xbfbff150       0xbfbff150
esi            0x1      1
edi            0x9fd    2557
eip            0x282aa022       0x282aa022
eflags         0x286    646
cs             0x1f     31
ss             0x2f     47
ds             0x2f     47
es             0x2f     47
fs             0x2f     47
gs             0x2f     47

It seems stack has been corrupted.

-- 
stardust <stardust at nsfocus.com>

More information about the Bro mailing list