[Snort-devel] Another coredump in current CVS version

Erich Meier Erich.Meier at ...2...
Wed Jan 17 08:26:13 EST 2001


Hi!

Another coredump in the current CVS version of snort. This time in
spp_tcp_stream.c:

# gdb /local/snort/bin/snort ./core
Program terminated with signal 11, Segmentation fault.
#0  0x31afc in TcpStreamPacket (p=0xeffff248) at spp_tcp_stream.c:428
428                     if(sptr->s_buf[i-1] == 0xa || sptr->s_buf[i-1] == 0xd)
(gdb) bt
#0  0x31afc in TcpStreamPacket (p=0xeffff248) at spp_tcp_stream.c:428
#1  0x24100 in Preprocess (p=0xeffff248) at rules.c:3040
#2  0x19f2c in ProcessPacket (user=0x0, pkthdr=0xeffff6f8, pkt=0x77172 "")
    at snort.c:469
#3  0x3d79c in pcap_read ()
#4  0x3e4b0 in pcap_loop ()
#5  0x1af10 in InterfaceThread (arg=0x70054) at snort.c:1284
#6  0x19de0 in main (argc=12, argv=0xeffff8e4) at snort.c:403
(gdb) print i
$1 = 1299
(gdb) print sptr->s_buf
$2 = (unsigned char *) 0x0
(gdb) print sptr
$3 = (struct _TcpStreamSession *) 0x2c6658
(gdb) 

Target platform is SPARC Solaris 2.6.

Maybe related to the design problems within session reassembly that Chris
mentioned lately.

Regards,
Erich



