Another segv in ArgusCreateIPv4Flow?

David lists at edeca.net
Fri Jul 18 06:23:21 EDT 2008 

I have just read the earlier thread with a segfault in  
ArgusCreateIPv4Flow().  I have modified the code section mentioned  
there but I still get the same results.

I'm no expert with gdb but I managed to compile and grab a backtrace.   
I edited argus/Makefile and replaced the optimisation with -ggdb, is  
there a better way to enable debug?

Below is the backtrace.  In order to share the capture files I'd have  
to sanitise out data.  I am happy to debug and play with the source as  
necessary though.

david at fish ~/tmp/argus/argus-3.0.0 $ gdb bin/argus
GNU gdb 6.7.1
Copyright (C) 2007 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
(gdb) run -r /home/david/tmp/test.pcap
Starting program: /home/david/tmp/argus/argus-3.0.0/bin/argus -r  
/home/david/tmp/test.pcap

Program received signal SIGSEGV, Segmentation fault.
0x08055b29 in ArgusCreateIPv4Flow (model=0x8134008, ip=0x0) at  
ArgusModeler.c:3632
3632       unsigned char *nxtHdr = (unsigned char *)((char *)ip +  
(ip->ip_hl << 2));
(gdb) bt full
#0  0x08055b29 in ArgusCreateIPv4Flow (model=0x8134008, ip=0x0) at  
ArgusModeler.c:3632
         retn = (void *) 0x8134418
         nxtHdr = (unsigned char *) 0x10000000 <Address 0x10000000 out  
of bounds>
         sport = 47097
         dport = 4096
         proto = 0 '\0'
         tp_p = 0 '\0'
         len = 0
         hlen = 0
         ArgusOptionLen = 0
#1  0x08050634 in ArgusCreateFlow (model=0x8134008, ptr=0x813494c,  
length=78) at ArgusModeler.c:1555
         retn = (void *) 0x8134418
         ep = (struct ether_header *) 0x813494c
         keys = 1
         index = 1
         i = 0
#2  0x0804fccc in ArgusProcessIpPacket (model=0x8134008, ip=0x813494c,  
length=78, tvp=0xbfe4927c) at ArgusModeler.c:1361
         retn = 0
         pass = 1
         flow = (struct ArgusFlowStruct *) 0x1
         nflow = (struct ArgusFlowStruct *) 0xbb
         tflow = (struct ArgusSystemFlow *) 0x0
#3  0x08059992 in ArgusIpPacket (user=0xb7d64008 "", h=0xbfe492ec,  
p=0x813494c "E") at ArgusSource.c:1403
         src = (struct ArgusSourceStruct *) 0xb7d64008
         tvpbuf = {tv_sec = 1211532660, tv_usec = 393789}
         tvp = (struct timeval *) 0xbfe4927c
         ip = (struct ip *) 0x813494c
         length = 78
         caplen = 78
         statbuf = {st_dev = 13257796500955894428, __pad1 = 1,  
__st_ino = 0, st_mode = 3085275911, st_nlink = 135481676, st_uid =  
3086700584, st_gid = 78, st_rdev = 339259832066,
   __pad2 = 18764, st_size = 338093555700, st_blksize = 78, st_blocks  
= -5195550500855704984, st_atim = {tv_sec = 135480824, tv_nsec =  
135481676}, st_mtim = {tv_sec = 78,
     tv_nsec = -1075539304}, st_ctim = {tv_sec = -1209733708, tv_nsec  
= 135480824}, st_ino = 335142930764}
#4  0xb7f816ee in pcap_offline_read () from /usr/lib/libpcap.so.0
No symbol table info available.
#5  0xb7fd2650 in _r_debug ()
No symbol table info available.
#6  0x00000001 in ?? ()
No symbol table info available.
#7  0xbfe492f0 in ?? ()
No symbol table info available.
#8  0xb7fc46e9 in _dl_fixup () from /lib/ld-linux.so.2
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
(gdb)

Regards,

David

More information about the argus mailing list