Nmap Development mailing list archives

segfault while doing -A scan


From: Matt Selsky <selsky () columbia edu>
Date: Fri, 25 Dec 2009 16:35:22 -0500

Using svn trunk, I'm scanning from an OSX 10.6.2 Macbook against a Powerbook running 10.5:

$ sudo NMAPDIR=. gdb ./nmap 
GNU gdb 6.3.50-20050815 (Apple version gdb-1346) (Fri Sep 18 20:40:51 UTC 2009)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64-apple-darwin"...Reading symbols for shared libraries ...... done

(gdb) run -d -A 192.168.1.113
Starting program: /Users/selsky/src/insecure.org/nmap/nmap -d -A 192.168.1.113
Reading symbols for shared libraries .+++++.. done
Starting Nmap 5.10BETA2 ( http://nmap.org ) at 2009-12-25 16:32 EST
Nmap wishes you a merry Christmas! Specify -sX for Xmas Scan (http://nmap.org/book/man-port-scanning-techniques.html).
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 37 scripts for scanning.
Warning: Unable to open interface vmnet1 -- skipping it.
Warning: Unable to open interface vmnet8 -- skipping it.
Initiating ARP Ping Scan at 16:32
Scanning 192.168.1.113 [1 port]
Packet capture filter (device en0): arp and arp[18:4] = 0x001F5BD3 and arp[22:2] = 0xB3A6
Completed ARP Ping Scan at 16:32, 0.01s elapsed (1 total hosts)
Overall sending rates: 90.06 packets / s, 3782.42 bytes / s.
mass_rdns: Using DNS server 192.168.1.1
Initiating SYN Stealth Scan at 16:32
Scanning 192.168.1.113 [1000 ports]
Packet capture filter (device en0): dst host 192.168.1.104 and (icmp or ((tcp or udp or sctp) and (src host 192.168.1.113)))
Discovered open port 22/tcp on 192.168.1.113
Discovered open port 5900/tcp on 192.168.1.113
Discovered open port 88/tcp on 192.168.1.113
Increased max_successful_tryno for 192.168.1.113 to 1 (packet drop)
Increased max_successful_tryno for 192.168.1.113 to 2 (packet drop)
Increased max_successful_tryno for 192.168.1.113 to 3 (packet drop)
Discovered open port 548/tcp on 192.168.1.113
Destroying timed-out global ping from 192.168.1.113.
Completed SYN Stealth Scan at 16:32, 8.78s elapsed (1000 total ports)
Overall sending rates: 159.84 packets / s, 7033.17 bytes / s.
Initiating Service scan at 16:32
Scanning 4 services on 192.168.1.113
Completed Service scan at 16:32, 6.01s elapsed (4 services on 1 host)
Starting RPC scan against 192.168.1.113
Packet capture filter (device en0): dst host 192.168.1.104 and (icmp or (tcp and (src host 192.168.1.113)))
Initiating OS detection (try #1) against 192.168.1.113
Ignoring claimed 192.168.1.113 uptime of 14603 daysOS detection timingRatio() == (1261776749.351 - 1261776748.851) * 1000 / 500 == 1.002

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: 13 at address: 0x0000000000000000
0x00007fff81f28f73 in std::_List_node_base::hook ()
(gdb) bt
#0  0x00007fff81f28f73 in std::_List_node_base::hook ()
#1  0x0000000100058c43 in std::string::_M_rep () at /usr/include/c++/4.2.1/bits/basic_string.h:1162
#2  0x0000000100058c43 in traceroute_direct [inlined] () at /Users/selsky/src/insecure.org/nmap/traceroute.cc:493
#3  0x0000000100058c43 in traceroute (Targets=<value temporarily unavailable, due to optimizations>) at basic_string.h:1397
#4  0x0000000100008c15 in nmap_main (argc=4, argv=0x7fff5fbff908) at nmap.cc:1890
#5  0x00000001000039db in main (argc=4, argv=0x7fff5fbff908) at main.cc:205

Let me know if I can provide further information.


-- 
Matt