Project

General

Profile

Bug #6109

filterlog crash

Added by Patrik Lundquist about 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Logging
Target version:
Start date:
04/11/2016
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.2.x
Affected Architecture:
All

Description

filterlog occasionally core dumps (/filterlog.core) since at least 2.2.4 and still does with 2.3 RC.

(gdb) bt
#0  0x0000000000402c00 in ?? ()
#1  0x00000000004034e8 in ?? ()
#2  0x0000000800a54394 in pcap_platform_finddevs () from /lib/libpcap.so.8
#3  0x0000000800a51752 in pcap_loop () from /lib/libpcap.so.8
#4  0x00000000004031f7 in ?? ()
#5  0x00000000004011af in ?? ()
#6  0x0000000800626000 in ?? ()
#7  0x0000000000000000 in ?? ()

I'd appreciate an identically built binary with -g and that's not stripped to dig further with gdb.

I've built filterlog from your repos in a FreeBSD 10.3-RELEASE VM and by comparing the assembly code I can pinpoint the error to movzbl (%r15),%r12d at 0x402af0 in

filterlog/files/print-tcp.c:194
  402aec:       49 8d 47 01             lea    0x1(%r15),%rax
  402af0:       45 0f b6 27             movzbl (%r15),%r12d
  402af4:       41 83 fc 02             cmp    $0x2,%r12d
  402af8:       41 be 01 00 00 00       mov    $0x1,%r14d
  402afe:       73 05                   jae    402b05 <tcp_print+0x325>
  402b00:       49 89 c5                mov    %rax,%r13
  402b03:       eb 18                   jmp    402b1d <tcp_print+0x33d>
filterlog/files/print-tcp.c:198
  402b05:       44 0f b6 30             movzbl (%rax),%r14d

which corresponds to

                        opt = *cp++;
                        if (ZEROLENOPT(opt))
                                len = 1;
                        else {
                                len = *cp++;    /* total including type, len */

History

#1 Updated by Patrik Lundquist about 3 years ago

No need for a binary with symbols now. Got a nice core dump with my debug build.

#0  0x00000000004044cf in tcp_print (sbuf=0x607928, bp=0x801832344 "�\016�\024��Pg", length=0, bp2=0x801832330 "E") at print-tcp.c:194
194                            opt = *cp++;
(gdb) bt full
#0  0x00000000004044cf in tcp_print (sbuf=0x607928, bp=0x801832344 "�\016�\024��Pg", length=0, bp2=0x801832330 "E") at print-tcp.c:194
    cp = (const u_char *) 0x901832364 <Address 0x901832364 out of bounds>
...

#2 Updated by Patrik Lundquist about 3 years ago

I'm working on a fix that I'd like to be included in 2.3.1. It affects all architectures.

#3 Updated by Chris Buechler about 3 years ago

Thanks Patrik. We're very near release, but if you can get us a fix in the next couple days it should make 2.3.1.

#4 Updated by Chris Buechler about 3 years ago

  • Subject changed from filterlog core dump to filterlog crash
  • Status changed from New to Resolved
  • Target version set to 2.3.1
  • Affected Architecture changed from amd64 to All

Also available in: Atom PDF