Jonathan Ganz created BIT-1425:
----------------------------------

             Summary: BroString::Set() Attempts Allocation of Negative-Length Memory
                 Key: BIT-1425
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1425
             Project: Bro Issue Tracker
          Issue Type: Problem
          Components: Bro
    Affects Versions: 2.3, 2.4
         Environment: Linux Mint 17.1 (Ubuntu 14.04) on bare metal and in a VirtualBox VM.
                      Mac OS X 10.10.3
            Reporter: Jonathan Ganz
         Attachments: lbl-internal.20041215-1142.port004.dump.anon, memory_trace.log, negativeMemory.bro

When the tcp_packet() event is used, Bro may attempt to allocate memory that is 
negative in length (i.e. -6 bytes). Bro crashes with the following output:

tcmalloc: large alloc 0 bytes == (nil) @  0x7f6abeaefc73 0x7f6abeb111c3 
0x765e81 0x765b24 0x872562 0xaddc2f 0xaded94 0xb7aeca 0x775180 0x84105b 
0x83f5c0 0x83f39d 0x7fb1bc 0xb3cde6 0x7fb3d9 0x750e98 0x7f6abdaf4ec5 0x72e553 
(nil)
out of memory in new.
1103139821.634774 fatal error: out of memory in new.

The attached pcap file and bro script cause such a crash when run with the 
following command:

/usr/local/bro/bin/bro -r lbl-internal.20041215-1142.port004.dump.anon /usr/local/bro/share/bro/site/negativeMemory.bro

A core file is not being generated for me, despite following the directions for
reporting problems
(https://www.bro.org/support/reporting-problems.html#getting-more-information-after-acrash).
The file named memory_trace.log shows an alternatively formatted traceback of
the stack when the error occurs.



_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
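Added example, not part of the original report and not Bro's code: it shows what a signed length of -6 (the value named in the report) becomes once it reaches an allocator that takes `size_t`, and a length check that rejects it before allocating. `ByteString`, `set`, `as_alloc_size` and `SetResult` are hypothetical names, and the signed `int` length parameter is an assumption.

```cpp
// Added illustration, not Bro source. All names here are hypothetical.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <limits>
#include <memory>
#include <new>
#include <utility>

// What a signed length turns into when converted to the allocator's size_t.
std::size_t as_alloc_size(int len) {
    return static_cast<std::size_t>(len);
}

enum class SetResult { Ok, BadLength, NoMemory };

// Hypothetical byte-string holder that takes a signed length (assumption).
struct ByteString {
    std::unique_ptr<unsigned char[]> data;
    int n = 0;

    SetResult set(const unsigned char* src, int len, bool add_nul = true) {
        // Reject negative lengths, and the one value where len + 1 overflows int,
        // before any size reaches operator new.
        if (src == nullptr || len < 0 || len == std::numeric_limits<int>::max())
            return SetResult::BadLength;
        std::size_t want = static_cast<std::size_t>(len) + (add_nul ? 1 : 0);
        // nothrow so an allocation failure is reported, not fatal to the process.
        std::unique_ptr<unsigned char[]> buf(new (std::nothrow) unsigned char[want]);
        if (!buf)
            return SetResult::NoMemory;
        std::memcpy(buf.get(), src, static_cast<std::size_t>(len));
        if (add_nul)
            buf[len] = 0;
        data = std::move(buf);   // existing contents are replaced only on success
        n = len;
        return SetResult::Ok;
    }
};

int main() {
    const unsigned char payload[] = "GET /";   // constructed sample input
    ByteString s;
    std::printf("-6 as an allocation size: %zu bytes\n", as_alloc_size(-6));
    std::printf("set(len=-6) rejected: %d\n", s.set(payload, -6) == SetResult::BadLength);
    std::printf("set(len=5) accepted:  %d\n", s.set(payload, 5) == SetResult::Ok);
    return 0;
}
```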
