Snort mailing list archives
Re: Segfault on Alpha 1.9.0
From: Alain Fauconnet <alain () cscoms net>
Date: Tue, 15 Oct 2002 10:29:21 +0700
I have the same problem here. Snort 1.9.0 running on a Compaq Alphaserver EV6 box with FreeBSD-Alpha 4.2, compiled using gcc version 2.95.2 19991024. Snort 1.8.x used to run rock solid.

I'm investigating the thing right now. It SIGSEGVs here:

    Program received signal SIGSEGV, Segmentation fault.
    0x120054888 in PreprocUrlDecode (p=0x1) at spp_http_decode.c:443
    443         while(index < end && !lookup_whitespace[(u_int)(*index)])

Stack backtrace:

    #0  0x120054888 in PreprocUrlDecode (p=0x1) at spp_http_decode.c:443
    #1  0x120028864 in Preprocess (p=0x11ffad20) at detect.c:83
    #2  0x12001e63c in ProcessPacket (user=0x0, pkthdr=0x0, pkt=0x0) at snort.c:580
    #3  0x1600f4964 in pcap_read () from /usr/lib/libpcap.so.2
    #4  0x1600f4438 in pcap_loop () from /usr/lib/libpcap.so.2
    #5  0x120020664 in InterfaceThread (arg=0x0) at snort.c:1637
    #6  0x12001e41c in SnortMain (argc=0, argv=0x0) at snort.c:514
    #7  0x12001daf8 in main (argc=536882744, argv=0x0) at snort.c:95

Value of variables:

    (gdb) p index
    $1 = 0x120171cc1 "£3"

It looks like the argument passed to PreprocUrlDecode is wrong. It should be a valid (Packet *), which 0x1 can't be.

    (gdb) p p
    $3 = (Packet *) 0x1

Curiously, the program crashes at line #443, which is beyond the reference to *p at lines

    438     index = (char *) p->data;  /* index into the data portion of the packet */
    439     end = (char *) p->data + p->dsize;
    440     psize = (u_int16_t) (p->dsize);

But that could be one of the oddities of the Alpha processor that signals come late.
Thinking about this twice, if I go up one level of stack frame (thus in Preprocess (p=0x11ffad20)) and I look at the contents of *p, I have:

    (gdb) p *p
    $5 = {pkth = 0x120171c68, pkt = 0x120171c8a "\b", fddihdr = 0x0,
      fddisaps = 0x0, fddisna = 0x0, fddiiparp = 0x0, fddiother = 0x0,
      trh = 0x0, trhllc = 0x0, trhmr = 0x0, sllh = 0x0, pfh = 0x0,
      eh = 0x120171c8a, vh = 0x0, ehllc = 0x0, ehllcother = 0x0, wifih = 0x0,
      ah = 0x0, eplh = 0x0, eaph = 0x0, eaptype = 0x0, eapolk = 0x0,
      iph = 0x120171c98, orig_iph = 0x0, ip_options_len = 0,
      ip_options_data = 0x0, tcph = 0x120171cac, orig_tcph = 0x0,
      tcp_options_len = 0, tcp_options_data = 0x0, udph = 0x0,
      orig_udph = 0x0, icmph = 0x0, orig_icmph = 0x0, ext = 0x0,
      data = 0x120171cc0 "q£3", dsize = 536, alt_dsize = 0,
      frag_flag = 0 '\000', frag_offset = 0, mf = 0 '\000', df = 1 '\001',
      rf = 0 '\000', sp = 1064, dp = 80, orig_sp = 0, orig_dp = 0,
      caplen = 0, uri_count = 0 '\000', ssnptr = 0x120977b00, state = 0x0,
      ip_options = {{code = 0 '\000', len = 0, data = 0x0} <repeats 40 times>},
      ip_option_count = 0, ip_lastopt_bad = 0 '\000',
      tcp_options = {{code = 0 '\000', len = 0, data = 0x0} <repeats 40 times>},
      tcp_option_count = 0, tcp_lastopt_bad = 0 '\000',
      csum_flags = 0 '\000', packet_flags = 1172}
    (gdb) p p->data
    $6 = (u_int8_t *) 0x120171cc0 "q£3"

That is quite consistent with the value of 'index' above. So it could be that the value of 'p' is correct after all (but then why does gdb display it as wrong?).

I'm kind of stuck here. Hope that can give hints to the developers.

I also have gadzillions of unaligned access warnings, all inside functions CheckSrcIP and CheckDstIP. I suspect a misaligned structure.
    pid 31358 (snort): unaligned access: va=0x120196032 pc=0x12002a210 ra=0x1200293e8 op=ldl
    pid 31358 (snort): unaligned access: va=0x120196036 pc=0x12002a428 ra=0x12002a280 op=ldl

Greets,
_Alain_
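An added example, not part of the original message and not Snort's code: it evaluates the index expression from line 443 for the byte gdb shows at `index` (£, 0xa3 in Latin-1), which is one explanation consistent with the backtrace above, and contrasts it with an unsigned-byte lookup. Assumptions: plain `char` is signed on this build, the lookup table has 256 entries, and `ws_table`, `index_as_written`, `index_via_uchar`, `offset_lp64`, `offset_ilp32` and `token_len` are hypothetical names.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical stand-in for the whitespace table; 256 entries is an assumption. */
static const unsigned char ws_table[256] = {
    [' '] = 1, ['\t'] = 1, ['\r'] = 1, ['\n'] = 1
};

/* (u_int)(*index) with a signed char: the byte is promoted (sign-extended)
 * to int first, then converted to unsigned int. */
unsigned int index_as_written(signed char c) { return (unsigned int)c; }

/* Reading the byte as unsigned char keeps the index in 0..255. */
unsigned int index_via_uchar(signed char c) { return (unsigned int)(unsigned char)c; }

/* Distance from the table base on an LP64 target such as Alpha: the 32-bit
 * index is zero-extended before it is added to a 64-bit pointer. */
uint64_t offset_lp64(unsigned int idx) { return (uint64_t)idx; }

/* Effective distance on an ILP32 target: address arithmetic wraps modulo
 * 2^32, so the same index lands a few bytes before the table instead. */
int64_t offset_ilp32(unsigned int idx)
{
    return idx > INT32_MAX ? (int64_t)idx - 4294967296LL : (int64_t)idx;
}

/* Bounded scan with unsigned bytes: length of the leading non-whitespace run. */
size_t token_len(const uint8_t *buf, size_t len)
{
    size_t i = 0;
    while (i < len && !ws_table[buf[i]])
        i++;
    return i;
}

int main(void)
{
    /* Constructed sample: 'q', 0xa3, '3' as in the gdb dump, then a space. */
    const uint8_t sample[] = { 'q', 0xa3, '3', ' ', 'x' };
    unsigned int idx = index_as_written(-93);          /* -93 is 0xa3 as signed char */

    printf("index as written : 0x%x\n", idx);
    printf("LP64 offset      : %llu bytes\n", (unsigned long long)offset_lp64(idx));
    printf("ILP32 offset     : %lld bytes\n", (long long)offset_ilp32(idx));
    printf("index via uchar  : 0x%x\n", index_via_uchar(-93));
    printf("token length     : %zu\n", token_len(sample, sizeof sample));
    return 0;
}
```

On a 64-bit target the offset is almost 4 GiB past the table, while on a 32-bit target the same expression reads 93 bytes before it, so the read can go unnoticed there.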
Current thread:
- Segfault on Alpha 1.9.0 Kunos Péter (Oct 09)
- Re: Segfault on Alpha 1.9.0 Erek Adams (Oct 09)
- <Possible follow-ups>
- RE: Segfault on Alpha 1.9.0 Kunos Péter (Oct 09)
- Re: Segfault on Alpha 1.9.0 Alain Fauconnet (Oct 17)
- Re: Segfault on Alpha 1.9.0 Alain Fauconnet (Oct 17)