[Zeek] Segmentation Fault on Zeek 3.0.0

[TQ]

Hello Zeekers,

I'm currently in the process of migrating from Bro 2.6.2 to Zeek 3.0.0, and
I'm experiencing a small headache with segmentation fault in my plugins.  I
didn't have this issue with Bro 2.6.2, so I'm not 100% sure what happened
here.

After making name changes from Bro to Zeek, I was able to successfully
compile all of the plugins.  When I ran them against pcaps that are
specified for the plugin, I noticed that some of the plugins threw a
segmentation fault ("Segmentation fault (core dumped)").  I was replaying a
pcap file like what I usually do by running:
cd ~/Desktop/logs/ && sudo rm -f *.log && zeek -C -t
~/Desktop/logs/output.log -r ~/Desktop/pcap/ testPlugin1_pcap_1.pcapng

After some troubleshooting, I noticed that only the ones that had a switch
case statement inside a while loop inside main.zeek were affected by this.
I do have checks to prevent resource exhaustion, so I'm not sure why the
new version is not happy.  Anyway, I was able to verify by cd into
"/usr/local/zeek/lib/zeek/plugins/Zeek_testPlugin1/scripts" and commenting
out the affected section in main.zeek.  Even something as simple as this
throws segmentation fault:

while (index < payload_length) {
    header = bytestring_to_count(data[index]);
    len = 0;
    index += 1;
    switch (header) {
        default: ##! test
            break;
    }
    #  dummy check as example
    if (index > 10) {
        break;
    }
}

I've been looking at this for the last 8 hours, so more eyes would be
appreciated.

Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190927/aed8cb15/attachment.html