Nmap Development mailing list archives
--excludefile causing reads in free()'d memory
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 5 Mar 2009 20:19:52 +0000
While troubleshooting some other issues, I noticed that Valgrind complains with the following error when I use the --excludefile option:

==12717== Invalid read of size 1
==12717==    at 0x646547C: strtok (in /lib64/libc-2.6.1.so)
==12717==    by 0x421E54: load_exclude(_IO_FILE*, char*) (targets.cc:333)
==12717==    by 0x41E9AE: nmap_main(int, char**) (nmap.cc:1576)
==12717==    by 0x419EA6: main (main.cc:224)
==12717==  Address 0x76aa216 is 14 bytes inside a block of size 15 free'd
==12717==    at 0x4C210AA: free (in /usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==12717==    by 0x456732: TargetGroup::parse_expr(char const*, int) (TargetGroup.cc:318)
==12717==    by 0x421E7A: load_exclude(_IO_FILE*, char*) (targets.cc:328)
==12717==    by 0x41E9AE: nmap_main(int, char**) (nmap.cc:1576)
==12717==    by 0x419EA6: main (main.cc:224)

The offending code appears to be targets.cc:328 and targets.cc:333

      pc=strtok(acBuf, "\t\n ");
      while ((char *)0 != pc) {
        if(excludelist[i].parse_expr(pc,o.af()) == 0) {
          if (o.debugging > 1)
            error("Loaded exclude target of: %s", pc);
          ++i;
        }
        pc=strtok(NULL, "\t\n ");
      }
    }

Valgrind seems to think that parse_expr(pc,o.af()) is causing some memory to be freed that is being read by the subsequent call to pc=strtok(NULL, "\t\n ");

I've looked at TargetGroup::parse_expr but it immediately does a strdup() and only frees that.

I'm going to generate a suppression for this problem and move on with my troubleshooting but I figure someone is going to want to look at the code in-depth to figure out what is going on.

Brandon

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
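Added example, not part of the original message and not Nmap source: one pattern that yields this kind of Valgrind report is a callee that runs its own strtok() on a private copy while the caller is in the middle of a strtok() loop, since strtok() keeps a single hidden position pointer. That the callee tokenizes its copy this way is an assumption, not something the message states; `parse_expr_like`, `load_exclude_like` and the input line are hypothetical. The copy is kept in a caller-owned buffer so the demonstration stays well-defined, and the strtok_r() path shows the reentrant form.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for strtok_r */
#endif
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a parser that splits "net/bits" on its own copy.
 * The copy sits in a caller-owned scratch buffer so the demo is defined;
 * with strdup()/free() the same stale pointer would be freed memory. */
static int parse_expr_like(const char *expr, char *scratch, size_t n, int reentrant)
{
    char *save = NULL, *net;
    if (strlen(expr) >= n) return -1;
    strcpy(scratch, expr);
    if (reentrant) {
        net = strtok_r(scratch, "/", &save);
        (void)strtok_r(NULL, "", &save);      /* netmask part */
    } else {
        net = strtok(scratch, "/");           /* overwrites strtok's hidden state */
        (void)strtok(NULL, "");               /* netmask part */
    }
    return net ? 0 : -1;
}

/* Outer loop shaped like the one quoted in the message.
 * Returns the number of entries the parser accepted. */
int load_exclude_like(char *line, int reentrant)
{
    char scratch[64], *save = NULL, *pc;
    int loaded = 0;
    pc = reentrant ? strtok_r(line, "\t\n ", &save) : strtok(line, "\t\n ");
    while (pc != NULL) {
        if (parse_expr_like(pc, scratch, sizeof scratch, reentrant) == 0)
            ++loaded;
        /* Non-reentrant case: this resumes inside scratch, not inside line. */
        pc = reentrant ? strtok_r(NULL, "\t\n ", &save) : strtok(NULL, "\t\n ");
    }
    return loaded;
}

int main(void)
{
    char a[] = "10.0.0.0/8 192.168.1.1 172.16.0.0/12\n";   /* constructed input */
    char b[] = "10.0.0.0/8 192.168.1.1 172.16.0.0/12\n";
    printf("strtok:   %d of 3 entries\n", load_exclude_like(a, 0));
    printf("strtok_r: %d of 3 entries\n", load_exclude_like(b, 1));
    return 0;
}
```

With the shared-state version the loop stops after the first entry, so besides the invalid read an exclude list can be silently truncated.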
Current thread:
- --excludefile causing reads in free()'d memory Brandon Enright (Mar 05)
- Re: --excludefile causing reads in free()'d memory David Fifield (Mar 09)
- Re: --excludefile causing reads in free()'d memory Richard Moore (Mar 09)
- Re: --excludefile causing reads in free()'d memory Brandon Enright (Mar 15)
- Re: --excludefile causing reads in free()'d memory David Fifield (Mar 16)
- Re: --excludefile causing reads in free()'d memory David Fifield (Mar 09)