Nmap Development mailing list archives
Re: Sergey. [Status report 12/17]
From: Sergey Khegay <g.sergeykhegay () gmail com>
Date: Tue, 19 Jul 2016 20:25:31 -0400
On Tue, Jul 19, 2016 at 2:25 PM, Patrick Donnelly <batrick () batbytes com> wrote:
> On Tue, Jul 19, 2016 at 12:41 PM, Sergey Khegay <g.sergeykhegay () gmail com> wrote:
>> - As for the bug with libssh2 integration. As I said before, the bug is a consequence of my attempt to resolve a memory leak/consumption issue, when libssh2 sessions were not properly freed. Somehow Lua's garbage collector did not call the session's gc function (actually called, but not for all sessions).
>
> That would lead to a leak, not a segfault, right?
Right, my attempt to fix it led to a segfault.
>> - On Windows a segmentation fault happens when some cclosure is freed:
>>
>> msvcr120d.dll!5b24d179() Unknown
>> [Frames below may be incorrect and/or missing, no symbols loaded for msvcr120d.dll]
>> [External Code]
>> nmap.exe!l_alloc(void * ud, void * ptr, unsigned int osize, unsigned int nsize) Line 1003 C
>> nmap.exe!luaM_realloc_(lua_State * L, void * block, unsigned int osize, unsigned int nsize) Line 86 C
>> nmap.exe!freeLclosure(lua_State * L, LClosure * cl) Line 692 C
>> nmap.exe!freeobj(lua_State * L, GCObject * o) Line 700 C
>> nmap.exe!sweeplist(lua_State * L, GCObject * * p, unsigned int count) Line 743 C
>> nmap.exe!sweepstep(lua_State * L, global_State * g, int nextstate, GCObject * * nextlist) Line 1030 C
>> nmap.exe!singlestep(lua_State * L) Line 1068 C
>> nmap.exe!luaC_runtilstate(lua_State * L, int statesmask) Line 1104 C
>> nmap.exe!luaC_fullgc(lua_State * L, int isemergency) Line 1166 C
>> nmap.exe!lua_gc(lua_State * L, int what, int data) Line 1055 C
>> nmap.exe!luaB_collectgarbage(lua_State * L) Line 182 C
>> nmap.exe!luaD_precall(lua_State * L, lua_TValue * func, int nresults) Line 365 C
>> nmap.exe!luaV_execute(lua_State * L) Line 1134 C
>> nmap.exe!luaD_call(lua_State * L, lua_TValue * func, int nResults) Line 496 C
>> nmap.exe!luaD_callnoyield(lua_State * L, lua_TValue * func, int nResults) Line 506 C
>> nmap.exe!lua_callk(lua_State * L, int nargs, int nresults, int ctx, int (lua_State *, int, int) * k) Line 924 C
>> nmap.exe!run_main(lua_State * L) Line 651 C++
>> nmap.exe!luaD_precall(lua_State * L, lua_TValue * func, int nresults) Line 365 C
>> nmap.exe!luaD_call(lua_State * L, lua_TValue * func, int nResults) Line 495 C
>> nmap.exe!luaD_callnoyield(lua_State * L, lua_TValue * func, int nResults) Line 506 C
>> nmap.exe!f_call(lua_State * L, void * ud) Line 942 C
>> nmap.exe!luaD_rawrunprotected(lua_State * L, void (lua_State *, void *) * f, void * ud) Line 144 C
>> nmap.exe!luaD_pcall(lua_State * L, void (lua_State *, void *) * func, void * u, int old_top, int ef) Line 727 C
>> nmap.exe!lua_pcallk(lua_State * L, int nargs, int nresults, int errfunc, int ctx, int (lua_State *, int, int) * k) Line 968 C
>> nmap.exe!script_scan(std::vector<Target *,std::allocator<Target *> > & targets, stype scantype) Line 809 C++
>> nmap.exe!nmap_main(int argc, char * * argv) Line 2155 C++
>> nmap.exe!main(int argc, char * * argv) Line 228 C++
>> [External Code]
>>
>> Using the closure's address I traced it down to a closure with 6 upvalues. I do not know how to find a function declaration using its memory address, but in the whole NSE engine's project there are only two closures that use 6 upvalues:
>
> This happened in a Lua function (not C) closure. The closure structure (not upvalue) was being freed in this segfault.
Yes, now I read stack trace more carefully. Thank you for pointing this out!
> I suggest rebuilding Lua with assertions enabled: https://www.lua.org/source/5.3/llimits.h.html
>
> Define lua_assert and luai_apicheck (in the Makefile, also make sure to use --with-liblua=included). This should help check if we did something wrong in the libssh2 library wrapper.
Thank you, I'll try this.
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
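The thread above turns on two things: sessions whose __gc never ran, and a fix for that which crashed. The script below is an added illustration written for this page; it is not code from Nmap, NSE or the libssh2 wrapper under discussion, and it does not claim to be the cause of the bug in the thread. It assumes Lua 5.3 (the version whose source the reply links) and uses a plain table called Session as a stand-in for a libssh2 session userdata; freed, Session and its methods are all names chosen here. It shows the rule that decides whether a finalizer runs at all (the metatable must already carry __gc when setmetatable is called), that a still-referenced object is never finalized by collectgarbage, and a close() that is safe to call twice, which is the property a wrapper needs when both an explicit close and __gc may release the same handle.

```lua
-- Added illustration of Lua 5.3 finalizer rules (not Nmap/NSE code).
-- "Session" is a stand-in table for a libssh2 session userdata.
-- Run with: lua5.3 gc_demo.lua   (exits silently when every assert holds)

local freed = {}          -- names of sessions whose release code actually ran

-- Rule 1: an object is marked for finalization only if its metatable has
-- __gc at the moment setmetatable() is called. Adding __gc afterwards
-- leaves already-created objects without a finalizer, so they leak.
local late_mt = {}
local s0 = setmetatable({ name = "late" }, late_mt)
late_mt.__gc = function(s) freed[#freed + 1] = s.name end   -- too late
s0 = nil
collectgarbage()
assert(#freed == 0, "a late __gc must not run")

-- Rule 2: carry __gc in the metatable up front, and make close() idempotent
-- so an explicit close followed later by __gc releases the handle once.
local Session = {}
Session.__index = Session

function Session:close()
  if not self.open then return end      -- already released: nothing to do
  self.open = false
  freed[#freed + 1] = self.name         -- stands in for libssh2_session_free()
end
Session.__gc = Session.close            -- set BEFORE any Session.new() call

function Session.new(name)
  return setmetatable({ name = name, open = true }, Session)
end

local keep = Session.new("pinned")      -- still referenced: must survive GC
for i = 1, 3 do Session.new("tmp" .. i) end   -- unreferenced: garbage
Session.new("explicit"):close()         -- released now; its __gc is a no-op
collectgarbage()

-- Exactly four releases: three temporaries plus the explicitly closed one,
-- each released once, and the pinned session untouched.
assert(#freed == 4, "expected 4 releases, got " .. #freed)
local seen = {}
for _, n in ipairs(freed) do
  assert(not seen[n], "double release of " .. n)
  seen[n] = true
end
assert(seen.explicit and seen.tmp1 and seen.tmp2 and seen.tmp3)
assert(keep.open, "reachable session must not be finalized")

-- Rule 3: when the state is closed (lua_close, or end of this script),
-- Lua runs __gc for every object still marked for finalization, so
-- "pinned" is released on exit without any further action here.
```

Two things follow for a C wrapper around a library handle. First, if the metatable registered for the userdata gains __gc only after some userdata were created with it, those earlier objects are never finalized, which gives exactly the "called, but not for all sessions" pattern; creating the metatable with __gc before the first lua_newuserdata avoids it. Second, whatever the fix, the C release path must be idempotent (null the pointer after freeing and check it on entry), because an explicit close and a later finalizer can both reach it.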