Argus 3.0.5.10: double free or corruption detected by glibc
Markku Parviainen
maketsi at gmail.com
Thu Feb 16 10:54:41 EST 2012
Hi,
There seems to be a bug in argus causing it to crash while converting
a tcpdump-generated pcap file to an argus data file. Test file included.
# /opt/argus-3.0.5.10-debug/sbin/argus -D8 -r test.pcap -w test.arg
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.868861 ArgusCalloc (1, 1772)
returning 0x989f008
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869259 ArgusNewModeler()
returning 0x989f008
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869347 ArgusCalloc (1,
4229692) returning 0xb72bc008
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869410
ArgusNewSource(0x989f008) returning 0xb72bc008
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869463 ArgusCalloc (1, 196)
returning 0x989f748
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869516 ArgusCalloc (1, 88)
returning 0x989f810
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869568 ArgusNewQueue ()
returning 0x989f810
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869616 ArgusCalloc (1, 112)
returning 0x989fb30
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869658 ArgusNewList ()
returning 0x989fb30
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869697 ArgusCalloc (1, 112)
returning 0x989fba8
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869737 ArgusNewList ()
returning 0x989fba8
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869775 ArgusNewOutput()
returning retn 0x989f748
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.869845
setArgusMarReportInterval(60) returning
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870146 setArgusID(0xb72bc008,
0xbfbc68c0, 0x20) done
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870225 setArgusPortNum(561) returning
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870289 ArgusCalloc (1, 112)
returning 0x989fd88
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870332 ArgusNewList ()
returning 0x989fd88
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870373 ArgusCalloc (1, 8)
returning 0x989fe00
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870421 ArgusPushBackList
(0x989fd88, 0x989fe00, 1) returning 1
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870464
ArgusParseResourceFile: ArgusBindAddr "(null)"
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870560
clearArgusDevice(0xb72bc008) returning
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870604 ArgusCalloc (1, 112)
returning 0x989fe20
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870646 ArgusNewList ()
returning 0x989fe20
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.896887 ArgusCalloc (1, 44)
returning 0x98a8968
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.896997 ArgusPushFrontList
(0x989fe20, 0x98a8968, 1) returning 0x989fe98
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.897090 setArgusDevice(eth0.1) returning
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899779 ArgusDeleteList
((nil), 2) returning
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899865 ArgusCalloc (1, 112)
returning 0x98a1c50
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899912 ArgusNewList ()
returning 0x98a1c50
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899952 ArgusCalloc (1, 12)
returning 0x98a1cc8
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.899994 ArgusPushFrontList
(0x98a1c50, 0x98a1cc8, 1) returning 0xbfbc690a
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900130
setArgusMarReportInterval(900) returning
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900507 ArgusCalloc (1, 112)
returning 0x989fc20
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900558 ArgusNewList ()
returning 0x989fc20
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900624 ArgusCalloc (1, 12)
returning 0x989fc98
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900672 ArgusPushBackList
(0x989fc20, 0x989fc98, 1) returning 1
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900717 ArgusCalloc (1, 4)
returning 0x989fcb8
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900767 ArgusPushFrontList
(0x989fc20, 0x989fc98, 1) returning 0xb78d23c0
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900912 ArgusFree (0x989fcb8)
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901415 ArgusSortFileList(0x989fc20)
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901494 ArgusDeleteList
(0x98a1c50, 2) 1 items on list
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901578 ArgusFree (0x98a1cc8)
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901654 ArgusFree (0x98a1c50)
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901709 ArgusDeleteList
(0x98a1c50, 2) returning
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901768 ArgusCalloc (1, 112)
returning 0x98a1c50
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901825 ArgusNewList ()
returning 0x98a1c50
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901881 ArgusCalloc (1, 12)
returning 0x98a1cc8
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.901944 ArgusPushFrontList
(0x98a1c50, 0x98a1cc8, 1) returning 0xbfbc88d7
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.902011 setArgusPortNum(0) returning
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.902069 ArgusDeleteList
(0x989fd88, 6) 1 items on list
*** glibc detected *** argus: double free or corruption (fasttop):
0x0989fe00 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b591)[0xb7731591]
/lib/tls/i686/cmov/libc.so.6(+0x6cde8)[0xb7732de8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0xb7735ecd]
argus[0x807343d]
argus[0x8062b29]
argus[0x804bbc2]
argus[0x804ed23]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb76dcbd6]
argus[0x804b1c1]
======= Memory map: ========
Aborted
# gcc -v
Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
4.3.2-1ubuntu12'
--with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr
--enable-shared --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --enable-nls
--with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3
--enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc
--enable-mpfr --enable-targets=all --enable-checking=release
--build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu
Thread model: posix
gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu12)
# uname -r
2.6.36.2
LIBC:
lrwxrwxrwx 1 root root 14 2010-12-30 21:04 /lib/libc.so.6 -> libc-2.11.1.so
-rwxr-xr-x 1 root root 1335560 2010-05-21 13:39 /lib/libc-2.11.1.so
-rw-r--r-- 1 root root 3031076 2010-05-21 13:39 /usr/lib/libc.a
-rw-r--r-- 1 root root 238 2010-05-21 13:19 /usr/lib/libc.so
This same code and sample work fine on my other Linux host (64-bit,
gcc 4.2.4). I'm guessing the glibc there may not have internal
stack protection code enabled, or that the 64-bit code generated is
somehow different.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.pcap
Type: application/octet-stream
Size: 598 bytes
Desc: not available
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20120216/39f62481/attachment.obj>
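Added example (not part of the original post and not Argus project code): a Python script that replays the ArgusCalloc/ArgusFree records of a -D8 trace and reports what the trace records about the address glibc aborted on. TRACE is an excerpt of the log quoted in the post, with the mail line-wrapping kept; the function names unwrap and analyse are hypothetical.

```python
import re

# Excerpt of the -D8 trace from the post above, mail line-wrapping kept.
TRACE = """\
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870373 ArgusCalloc (1, 8)
returning 0x989fe00
argus[4515.d0586cb7]: 16 Feb 12 17:24:08.870421 ArgusPushBackList
(0x989fd88, 0x989fe00, 1) returning 1
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900717 ArgusCalloc (1, 4)
returning 0x989fcb8
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.900912 ArgusFree (0x989fcb8)
argus[4515.d0586cb7]: 16 Feb 12 17:24:09.902069 ArgusDeleteList
(0x989fd88, 6) 1 items on list
*** glibc detected *** argus: double free or corruption (fasttop):
0x0989fe00 ***
"""

CALLOC = re.compile(r"ArgusCalloc \((\d+), (\d+)\) returning (0x[0-9a-f]+)")
FREE = re.compile(r"ArgusFree \((0x[0-9a-f]+)\)")
ABORT = re.compile(r"double free or corruption \((\w+)\): (0x[0-9a-f]+)")
CALL = re.compile(r"\.\d{6} (\w+ ?\([^)]*\))")  # first call after the timestamp

def unwrap(text):
    """Rejoin records the mailer wrapped onto continuation lines."""
    records = []
    for line in text.splitlines():
        if line.startswith(("argus[", "***")) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def analyse(text):
    """Replay ArgusCalloc/ArgusFree and describe the address glibc aborted on."""
    sizes, freed, last_call = {}, set(), None
    for rec in unwrap(text):
        if m := ABORT.search(rec):
            addr = int(m.group(2), 16)
            return {"check": m.group(1), "addr": hex(addr), "size": sizes.get(addr),
                    "free_logged": addr in freed, "last_call": last_call}
        if m := CALL.search(rec):
            last_call = m.group(1)
        if m := CALLOC.search(rec):
            addr = int(m.group(3), 16)
            sizes[addr] = int(m.group(1)) * int(m.group(2))
            freed.discard(addr)  # address handed out again, so it is live
        elif m := FREE.search(rec):
            freed.add(int(m.group(1), 16))

print(analyse(TRACE))
```

For this trace the result is an 8-byte ArgusCalloc allocation with no ArgusFree logged for it, and the last call logged before the abort is ArgusDeleteList (0x989fd88, 6). A release that is not logged through ArgusFree does not appear in the replay.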