Bug#277532: nmap -oS segfault

Wed, 09 Mar 2005 18:55:31 -0800 

> Hmm ... that is curious.  I wonder if the 4096-byte stack buffer is
> too large for your system.  Could you try changing:

If that has something to do with my system, I can precise it's an ibook
first generation (clamshell) with a G3 366 MHz and 128 M Ram.

> char b[4096]
> 
> to char b[1024]
> 
> on line 520 of output.cc, recompile, and let us know if it still
> crashes?  If it DOES still crash, what would be useful to see is log
> of:

Ãnfortunately, it still crashes. 

> gdb nmap
> break log_write
> r -oS - 192.168.0.1
> [ when it stops execution, press 'n', then just keep pressing enter
> until it crashes, which should be less than twenty keypresses ]
> 
> If you could send me the output from that test, it would be quite useful.
> 
> Thanks,
> Fyodor

Here is the ouptut :

(gdb) break log_write
Breakpoint 1 at 0x1001a834: file output.cc, line 527.
(gdb) r -oS - 192.168.0.1
Starting program: /home/christophe/nmap-3.81/nmap -oS - 192.168.0.1

Breakpoint 1, log_write (logt=1032, fmt=0x1008c078
"\020\bÃ\220\020\bÃÅ\020\bÃÃ\020\bÃÃ") at output.cc:527
527       if (l & LOG_STDOUT) {
(gdb) n
523       bool buf_alloced = false;
(gdb) 
527       if (l & LOG_STDOUT) {
(gdb) 
519       int i,l=logt,skid=1;
(gdb) 
526       va_start(ap, fmt);
(gdb) 
517     {
(gdb) 
526       va_start(ap, fmt);
(gdb) 
519       int i,l=logt,skid=1;
(gdb) 
526       va_start(ap, fmt);
(gdb) 
521       char *buf = b;
(gdb) 
526       va_start(ap, fmt);
(gdb) 
522       int bufsz = sizeof(b);
(gdb) 
526       va_start(ap, fmt);
(gdb) 
527       if (l & LOG_STDOUT) {
(gdb) 
528         vfprintf(o.nmap_stdout, fmt, ap);
(gdb) 
529         l-=LOG_STDOUT;
(gdb) 
528         vfprintf(o.nmap_stdout, fmt, ap);
(gdb) 
531       if (l & LOG_SKID_NOXLT) { skid=0; l -= LOG_SKID_NOXLT; l |=
LOG_SKID; }
(gdb) 
532       if (l<0 || l>LOG_MASK) return;
(gdb) 
533       for (i=0;l;l>>=1,i++)
(gdb) 
535           if (!o.logfd[i] || !(l&1)) continue;
(gdb)
533       for (i=0;l;l>>=1,i++)
(gdb) 
535           if (!o.logfd[i] || !(l&1)) continue;
(gdb) 
533       for (i=0;l;l>>=1,i++)
(gdb) 
535           if (!o.logfd[i] || !(l&1)) continue;
(gdb) 
533       for (i=0;l;l>>=1,i++)
(gdb) 
535           if (!o.logfd[i] || !(l&1)) continue;
(gdb) 
537             rc = vsnprintf(buf,bufsz, fmt, ap);
(gdb) 

Program received signal SIGSEGV, Segmentation fault.
0x0fd8481c in strlen () from /lib/libc.so.6
(gdb) 

Hope that helps

Christophe


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to