[Snort-devel] Coredump in TCP Stream Reassembly

Erich Meier Erich.Meier at ...2...
Mon Dec 4 11:10:17 EST 2000


The latest CVS version dumped core on my SPARC Solaris. It appears to be within
the TCP stream reassembly:

# gdb /local/snort/bin/snort ./core
Program terminated with signal 11, Segmentation fault.
#0  0x2ed84 in TcpStreamPacket (p=0xeffff2a8) at spp_tcp_stream.c:355
355                     if (sptr->s_buf[i-1] == 0xa || sptr->s_buf[i-1] == 0xd)
(gdb) bt
#0  0x2ed84 in TcpStreamPacket (p=0xeffff2a8) at spp_tcp_stream.c:355
#1  0x216c0 in Preprocess (p=0xeffff2a8) at rules.c:2958
#2  0x17f84 in ProcessPacket (user=0x0, pkthdr=0xeffff758, pkt=0x6635a "")
    at snort.c:455
#3  0x3047c in pcap_read ()
#4  0x31190 in pcap_loop ()
#5  0x18f8c in InterfaceThread (arg=0x61028) at snort.c:1252
#6  0x17e38 in main (argc=0, argv=0xeffff944) at snort.c:392
(gdb) print i
$1 = 512

Seems to be a typical SPARC alignment problem.

Erich Meier                              Erich.Meier at ...2...
