Snort mailing list archives
Re: snort 1.8.4b1 dumping core
From: Kris Kennaway <kris () obsecurity org>
Date: Fri, 15 Feb 2002 18:36:19 -0800
On Mon, Feb 04, 2002 at 11:06:28PM +0700, Fyodor wrote:
(gdb) bt #0 pcap_read (p=0x0, cnt=134884155, callback=0x875bac0, user=0xc <Address 0xc out of bounds>) at /usr/src/lib/libpcap/../../contrib/libpcap/pcap-bpf.c:121 #1 0x807f430 in pcap_loop (p=0x8130000, cnt=-1, callback=0x875bac0, user=0x0) at /usr/src/lib/libpcap/../../contrib/libpcap/pcap.c:79That's very interesting. Pcap_t struct ptr which we pass to pcap_loop is a meaningful pointer but pcap_read already has it set to NULL. Very likely something messy has happened. (also user ptr got overwritten, that normally shouldn't happen). Strange that it didn't coredump somewhere at the beginning of pcap_read():
Just FYI, this hasn't gone away..I've rebuilt snort a couple of times in the meantime. It seems to mostly dump core when I'm loading down the network it's monitoring. All of the coredumps I've bothered to check are in the same place (as above).
ls -l /var/cores/
total 385056 -rw------- 1 root wheel 7311360 Feb 3 20:29 snort.0.23239.core -rw------- 1 root wheel 8114176 Feb 6 19:17 snort.0.23903.core -rw------- 1 root wheel 7311360 Feb 3 20:46 snort.0.25722.core -rw------- 1 root wheel 8740864 Feb 15 18:29 snort.0.27952.core -rw------- 1 root wheel 7430144 Feb 3 16:52 snort.0.29362.core -rw------- 1 root wheel 7311360 Feb 3 20:49 snort.0.31452.core -rw------- 1 root wheel 7843840 Feb 3 21:25 snort.0.31697.core -rw------- 1 root wheel 7516160 Feb 2 16:22 snort.0.39788.core -rw------- 1 root wheel 7344128 Feb 3 21:58 snort.0.47071.core -rw------- 1 root wheel 8380416 Feb 3 20:24 snort.0.4715.core -rw------- 1 root wheel 7491584 Feb 4 03:54 snort.0.58269.core -rw------- 1 root wheel 7331840 Feb 3 17:10 snort.0.77834.core -rw------- 1 root wheel 7323648 Feb 3 17:20 snort.0.77888.core -rw------- 1 root wheel 7536640 Feb 15 18:29 snort.0.79705.core -rw------- 1 root wheel 7532544 Feb 15 18:29 snort.0.80215.core -rw------- 1 root wheel 7540736 Feb 15 18:30 snort.0.80981.core -rw------- 1 root wheel 7561216 Feb 15 18:31 snort.0.82992.core -rw------- 1 root wheel 7528448 Feb 2 16:43 snort.0.83120.core -rw------- 1 root wheel 7532544 Feb 15 18:31 snort.0.83659.core -rw------- 1 root wheel 7532544 Feb 15 18:32 snort.0.84139.core -rw------- 1 root wheel 7561216 Feb 15 18:33 snort.0.85029.core -rw------- 1 root wheel 7516160 Feb 2 15:28 snort.0.85884.core -rw------- 1 root wheel 7311360 Feb 3 18:52 snort.0.88255.core -rw------- 1 root wheel 7389184 Feb 3 15:59 snort.0.89818.core -rw------- 1 root wheel 7569408 Feb 3 19:27 snort.0.90795.core -rw------- 1 root wheel 7311360 Feb 4 04:20 snort.0.9569.core
Kris
Attachment:
_bin
Description:
Current thread:
- Re: snort 1.8.4b1 dumping core, (continued)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 02)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 02)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 02)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 02)
- Re: snort 1.8.4b1 dumping core Fyodor (Feb 02)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 03)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 03)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 03)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 03)
- Re: snort 1.8.4b1 dumping core Fyodor (Feb 04)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 15)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 15)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 15)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 15)
- Re: snort 1.8.4b1 dumping core Kris Kennaway (Feb 02)
- Re: snort 1.8.4b1 dumping core Martin Roesch (Feb 02)