[Snort-devel] Another coredump in current CVS version

Martin Roesch roesch at ...48...
Thu Jan 18 01:11:37 EST 2001


Yeah, that NULL pointer is definitely a problem.  Chris (Cramer), are
you on the trail here? :)

   -Marty

Erich Meier wrote:
> 
> Hi!
> 
> Another coredump in the current CVS version of snort. This time in
> spp_tcp_stream.c:
> 
> # gdb /local/snort/bin/snort ./core
> Program terminated with signal 11, Segmentation fault.
> #0  0x31afc in TcpStreamPacket (p=0xeffff248) at spp_tcp_stream.c:428
> 428                     if(sptr->s_buf[i-1] == 0xa || sptr->s_buf[i-1] == 0xd)
> (gdb) bt
> #0  0x31afc in TcpStreamPacket (p=0xeffff248) at spp_tcp_stream.c:428
> #1  0x24100 in Preprocess (p=0xeffff248) at rules.c:3040
> #2  0x19f2c in ProcessPacket (user=0x0, pkthdr=0xeffff6f8, pkt=0x77172 "")
>     at snort.c:469
> #3  0x3d79c in pcap_read ()
> #4  0x3e4b0 in pcap_loop ()
> #5  0x1af10 in InterfaceThread (arg=0x70054) at snort.c:1284
> #6  0x19de0 in main (argc=12, argv=0xeffff8e4) at snort.c:403
> (gdb) print i
> $1 = 1299
> (gdb) print sptr->s_buf
> $2 = (unsigned char *) 0x0
> (gdb) print sptr
> $3 = (struct _TcpStreamSession *) 0x2c6658
> (gdb)
> 
> Target platform is SPARC Solaris 2.6.
> 
> Maybe related to the design problems within session reassembly that Chris
> mentioned lately.
> 
> Regards,
> Erich
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel

--
Martin Roesch
roesch at ...48...
http://www.snort.org




More information about the Snort-devel mailing list