[Snort-devel] another snort-1.8-RELEASE core
Jason A. Haynes
jahaynes at ...502...
Tue Jul 17 01:12:35 EDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hartmut Prochaska <hartmut.prochaska at ...224...> also pointed this out to me.
I wasn't reading the code closely there. Oops.
To be sure, I checked and there's nothing in configure, *.in or even *.c
*.h to compete with the system's alloc() library. The binaries I've
compiled under Linux show calloc as a text symbol being picked up by
GLIBC; this is good. Is it possible though that Solaris 8 or other
platforms have a broken calloc()? Mike reported "fixing" this: from
crashes every 3 minutes to 3+ hours with no crash -- see bottom quoted
Oh well, you're probably right that it's getting stomped on from
elsewhere. Even if it correlates to particular platforms, that means
they share pointer arithmatic & allocation patterns as well as alloc()
Sorry for the knee-jerk patch reaction.
On Mon, 16 Jul 2001, Martin Roesch wrote:
> Hi guys,
> Something else is getting hammered in there, those pointers are
> initialized to NULL in the calloc above the rest of the code, something
> is stomping the pointers hard. I'm working on a fix, hopefully I'll
> have something put together shortly.
> "Jason A. Haynes" wrote:
> > I'd say that's a good call, Mike; saw a couple crashes reported on
> > snort-users about that assertion too. Here's a patch against the current
> > cvs which I think NULLs out the remaining two cases, including the one you
> > found.
> > On Wed, 11 Jul 2001, Michael Anderson wrote:
> > > I took a look at the code and found that snort crashed while trying to
> > > do the following in rules.c line 3426:
> > > assert(idx->func != NULL);
> > >
> > > idx is a pointer to the list PreprocessFuncNode. idx is set to point to
> > > the global list PreprocessList (a list containing all of the
> > > preprocessor functions). The list is then traversed to call each
> > > preprocessor function. It appears that at some point while traversing
> > > the list, the func attribute is NULL causing the assertion to fail. I
> > > added the following line to the AddFuncToPreprocList in rules.c after
> > > line number 1370:
> > > idx->next = NULL;
> > >
> > > I'm assuming the crash was caused because pointers are not being
> > > initialized to NULL and at some point snort is accessing random memory
> > > while trying to read the list. I've had snort up and running for 3
> > > hours since I made this change.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
-----END PGP SIGNATURE-----
More information about the Snort-devel