Segmentation faults in rasplit 3.0.8.2

Markku P via Argus-info argus-info at lists.andrew.cmu.edu
Tue Sep 27 09:08:13 EDT 2016


>From the documentation:
"Rasplit supports an extended -w option that allows for output record
contents to be inserted into the output filename.  Specified using '$'
(dollar) notation, any printable field can be used."
Well, no. It just segfaults.

Tried adding more debug info in, and found .memory flag, which makes things
even worse. :)

1) using a .memory flag on compile crashes all clients:

$ touch .debug .memory
$ ./configure --prefix=/opt/argus-clients-3.0.8.2-debug
$ make
$ bin/ra
Segmentation fault
$ gdb bin/ra
GNU gdb (GDB) CentOS (7.0.1-45.el5.centos)
Reading symbols from /var/rtmp/argus-clients-3.0.8.2/bin/ra...(no debugging
symbols found)...done.

(gdb) run
Program received signal SIGSEGV, Segmentation fault.
0x0000000000416be8 in ArgusCalloc ()
(gdb) bt
#0  0x0000000000416be8 in ArgusCalloc ()
#1  0x000000000043c45d in ArgusNewParser ()
#2  0x0000000000405393 in main ()


2) and here's the rasplit crash with .debug flag:

$ make clean
$ rm .memory
$ ./configure --prefix=/opt/argus-clients-3.0.8.2-debug
$ make
$ bin/rasplit -r /tmp/test160927 -w 'v/a$proto$dport'
Segmentation fault
$ gdb bin/rasplit

(gdb) run -r /tmp/test160927 -w 'v/a$proto$dport'
Program received signal SIGSEGV, Segmentation fault.
0x00000037f40786f0 in strcmp () from /lib64/libc.so.6
(gdb) bt
#0  0x00000037f40786f0 in strcmp () from /lib64/libc.so.6
#1  0x000000000040455f in RaSendArgusRecord ()
#2  0x0000000000404fe5 in RaProcessRecord ()
#3  0x000000000043e65f in RaScheduleRecord ()
#4  0x000000000043ef7a in ArgusHandleRecord ()
#5  0x000000000045e92e in ArgusReadStreamSocket ()
#6  0x000000000045ef5f in ArgusReadFileStream ()
#7  0x000000000040668f in main ()

# bin/rasplit -D8 -r /tmp/test160927 -w 'v/a$proto$dport'
rasplit[5638.e0854692f32a0000]: 15:54:22.074558 ArgusCalloc (1, 461728)
returning 0x925ad010
rasplit[5638.e0854692f32a0000]: 15:54:22.074616 ArgusAddFileList
(0x92469010, /tmp/test160927, 1, -1, -1) returning 1
rasplit[5638.e0854692f32a0000]: 15:54:22.074643 ArgusCalloc (1, 144)
returning 0x39c37b0
rasplit[5638.e0854692f32a0000]: 15:54:22.074678 ArgusNewList () returning
0x39c37b0
rasplit[5638.e0854692f32a0000]: 15:54:22.074707 ArgusCalloc (1, 296)
returning 0x39c3dc0
rasplit[5638.e0854692f32a0000]: 15:54:22.074735 ArgusPushFrontList
(0x39c37b0, 0x39c3dc0, 1) returning 0x1606
rasplit[5638.e0854692f32a0000]: 15:54:22.074790 ArgusCalloc (1, 16)
returning 0x39c3890
rasplit[5638.e0854692f32a0000]: 15:54:22.074814 ArgusAddMaskList (proto)
returning 1
rasplit[5638.e0854692f32a0000]: 15:54:22.074839 ArgusCalloc (1, 16)
returning 0x39c38d0
rasplit[5638.e0854692f32a0000]: 15:54:22.074862 ArgusAddMaskList (dport)
returning 1
rasplit[5638.e0854692f32a0000]: 15:54:22.074892 ArgusCalloc (1, 560)
returning 0x39c3ef0
rasplit[5638.e0854692f32a0000]: 15:54:22.074966 ArgusCalloc (1, 112)
returning 0x39c4150
rasplit[5638.e0854692f32a0000]: 15:54:22.074989 ArgusCalloc (1, 80)
returning 0x39c41d0
rasplit[5638.e0854692f32a0000]: 15:54:22.075012 ArgusNewQueue () returning
0x39c41d0
rasplit[5638.e0854692f32a0000]: 15:54:22.075040 ArgusCalloc (1, 56)
returning 0x39c4230
rasplit[5638.e0854692f32a0000]: 15:54:22.075074 ArgusCalloc (65536, 8)
returning 0x9261e010
rasplit[5638.e0854692f32a0000]: 15:54:22.075163 ArgusNewHashTable (65536)
returning 0x39c4230
rasplit[5638.e0854692f32a0000]: 15:54:22.075194 ArgusCalloc (1, 296)
returning 0x39c4270
rasplit[5638.e0854692f32a0000]: 15:54:22.075226 ArgusPushFrontList
(0x39c37b0, 0x39c4270, 1) returning 0x1606
rasplit[5638.e0854692f32a0000]: 15:54:22.075308 ArgusClientInit()
rasplit[5638.e0854692f32a0000]: 15:54:22.075377 ArgusReadConnection() read
16 bytes
rasplit[5638.e0854692f32a0000]: 15:54:22.075407 ArgusReadConnection() read
112 bytes
rasplit[5638.e0854692f32a0000]: 15:54:22.075474 ArgusCalloc (1, 4194304)
returning 0x926a0010
rasplit[5638.e0854692f32a0000]: 15:54:22.075514 ArgusCalloc (1, 262144)
returning 0x92aa1010
rasplit[5638.e0854692f32a0000]: 15:54:22.087238 ArgusInitAddrtoname
(0x2af392469010, 0xac1d645c, 0xfffffffc)
rasplit[5638.e0854692f32a0000]: 15:54:22.087268
ArgusParseInit(0x2af392469010 0x2af3925ad010
rasplit[5638.e0854692f32a0000]: 15:54:22.087300
ArgusReadConnection(0x925ad010, 1) returning 1
rasplit[5638.e0854692f32a0000]: 15:54:22.087350 RaProcessRecord
(0x925ad630) done
rasplit[5638.e0854692f32a0000]: 15:54:22.087375 RaScheduleRecord
(0x2af392469010, 0x2af3925ad630) scheduled
rasplit[5638.e0854692f32a0000]: 15:54:22.087399 ArgusHandleRecord
(0x2af3925ad228, 0x2af39258a808) returning 128
rasplit[5638.e0854692f32a0000]: 15:54:22.087426 ArgusReadFileStream()
starting
rasplit[5638.e0854692f32a0000]: 15:54:22.088115 ArgusReadStreamSocket
(0x2af3925ad010) read 1048576 bytes
rasplit[5638.e0854692f32a0000]: 15:54:22.088195 ArgusCalloc (1, 384)
returning 0x3ac1e00
rasplit[5638.e0854692f32a0000]: 15:54:22.088239 ArgusCalloc (1, 12)
returning 0x3ac1f90
rasplit[5638.e0854692f32a0000]: 15:54:22.088268 ArgusCalloc (1, 80)
returning 0x3ac1fb0
rasplit[5638.e0854692f32a0000]: 15:54:22.088295 ArgusCalloc (1, 36)
returning 0x3ac2010
rasplit[5638.e0854692f32a0000]: 15:54:22.088323 ArgusCalloc (1, 52)
returning 0x3ac2040
rasplit[5638.e0854692f32a0000]: 15:54:22.088346 ArgusCalloc (1, 80)
returning 0x3ac2080
rasplit[5638.e0854692f32a0000]: 15:54:22.088369 ArgusCalloc (1, 20)
returning 0x3ac20e0
rasplit[5638.e0854692f32a0000]: 15:54:22.088396 ArgusCalloc (1, 12)
returning 0x3ac2100
rasplit[5638.e0854692f32a0000]: 15:54:22.088430 ArgusCalloc (1, 256)
returning 0x3ac2120
rasplit[5638.e0854692f32a0000]: 15:54:22.088458 ArgusFindObject ()
returning 0x0
rasplit[5638.e0854692f32a0000]: 15:54:22.088488 ArgusCalloc (1, 400)
returning 0x3ac2230
rasplit[5638.e0854692f32a0000]: 15:54:22.088517 ArgusCalloc (1, 48)
returning 0x3ac23d0
rasplit[5638.e0854692f32a0000]: 15:54:22.088541 ArgusCalloc (1, 4)
returning 0x3ac2410
rasplit[5638.e0854692f32a0000]: 15:54:22.088564 ArgusAddHashEntry
(0x3ac2230) returning 0x3ac23d0
rasplit[5638.e0854692f32a0000]: 15:54:22.088595 ArgusFree (0x3ac1f90)
rasplit[5638.e0854692f32a0000]: 15:54:22.088619 ArgusFree (0x3ac1fb0)
rasplit[5638.e0854692f32a0000]: 15:54:22.088651 ArgusFree (0x3ac2010)
rasplit[5638.e0854692f32a0000]: 15:54:22.088677 ArgusFree (0x3ac2040)
rasplit[5638.e0854692f32a0000]: 15:54:22.088702 ArgusFree (0x3ac2080)
rasplit[5638.e0854692f32a0000]: 15:54:22.088726 ArgusFree (0x3ac20e0)
rasplit[5638.e0854692f32a0000]: 15:54:22.088749 ArgusFree (0x3ac2100)
rasplit[5638.e0854692f32a0000]: 15:54:22.088772 ArgusFree (0x3ac1e00)
rasplit[5638.e0854692f32a0000]: 15:54:22.088824
RaProcessSplitOptions(v/audp, 4096, 0x925ad630): returns 2
Segmentation fault

Environment:

# gcc -v
Using built-in specs.
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man
--infodir=/usr/share/info --enable-shared --enable-threads=posix
--enable-checking=release --with-system-zlib --enable-__cxa_atexit
--disable-libunwind-exceptions --enable-libgcj-multifile
--enable-languages=c,c++,objc,obj-c++,java,fortran,ada
--enable-java-awt=gtk --disable-dssi --disable-plugin
--with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --with-cpu=generic
--host=x86_64-redhat-linux
Thread model: posix
gcc version 4.1.2 20080704 (Red Hat 4.1.2-55)

# rpm -q glibc
glibc-2.5-123.el5_11.1

# uname -i -v -s
Linux #1 SMP Thu Dec 18 00:59:53 EST 2014 x86_64

No default .rarc files are set.

Uploaded the test file to ftp/incoming as test160927-2.ra
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20160927/feca3f13/attachment.html>


More information about the argus mailing list