Michal Kepien wrote:

> I don't know whether this is the right place to post, but unfortunately nobody
> on the usenet was able to help me with this issue. I came across this while
> I was writing a simple libpcap-based program. The problem is, after I call any
> packet capturing function (pcap_next(), pcap_loop() etc.), I'm getting serious
> memory errors after trying to allocate or free some memory - "*** glibc detected
> *** malloc(): memory corruption" or "*** glibc detected *** free(): invalid
> next size (fast)" to name just two. The problem is weird because if I allocate
> or free the memory _before_ calling pcap_next(), pcap_loop() etc., everything
> works fine.

Perhaps there's a libpcap bug, in the version of libpcap on your system, where it's writing past the end of some data structure or buffer it's allocated.

If so, then if you allocate the memory before calling the routine that allocates the data structure/buffer, the memory you allocated will probably be before the data structure/buffer, and overflowing that data structure/buffer won't damage the malloc header in front of the memory you allocated, so there won't be any complaint from free() when it's freed, but if you allocate it after calling the routine that allocates the data structure/buffer, overflowing that data structure/buffer would damage the malloc header in front of the memory you allocated, so you'd probably get complaints when it's freed.

> For the program to work, you need a ppp0 interface in your system and there has
> to be some network traffic going through it (even 1 packet is good enough
> actually).

The code path for Linux is a little different for PPP interfaces (and some other types of interfaces) than for most other interfaces, as it uses a "cooked" PF_PACKET socket for PPP and some other types of interfaces and a "raw" PF_PACKET socket for most interfaces.

I checked the code, and there's no *obvious* bug of that sort. I'll have to look a bit more to see whether I'm missing something.

What version of libpcap is in your version of Slackware? (What does "tcpdump -h" print?)
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
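
The allocation-order reasoning in the reply above, as an added example that is not part of the original message and is not libpcap or glibc code: a toy bump allocator places a checked header in front of each chunk, and a stand-in `buggy_capture()` writes 8 bytes past the end of its own buffer. All names (`toy_malloc`, `toy_free`, `buggy_capture`, `run_order`) and the header layout are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy heap model (hypothetical, not glibc): chunk = [hdr][payload], laid out back to back. */
#define MAGIC 0x5afec0deu
struct hdr { uint32_t size; uint32_t check; };
static unsigned char arena[256];
static size_t top;

static void *toy_malloc(uint32_t n) {
    n = (n + 7u) & ~7u;                          /* round payload up to 8 bytes */
    if (top + sizeof(struct hdr) + n > sizeof arena) return NULL;
    struct hdr h = { n, n ^ MAGIC };             /* header carries an integrity check */
    memcpy(arena + top, &h, sizeof h);
    top += sizeof h + n;
    return arena + top - n;                      /* payload starts right after the header */
}

/* Returns 0 if the header in front of p is intact, -1 if it was overwritten. */
static int toy_free(void *p) {
    struct hdr h;
    memcpy(&h, (unsigned char *)p - sizeof h, sizeof h);
    return h.check == (h.size ^ MAGIC) ? 0 : -1;
}

/* Stand-in for the suspected library bug: fills len bytes plus `extra` past the end. */
static void buggy_capture(unsigned char *buf, size_t len, size_t extra) {
    memset(buf, 0x41, len + extra);
}

/* app_first != 0: the application allocates before the capture buffer exists. */
int run_order(int app_first) {
    memset(arena, 0, sizeof arena);
    top = 0;
    void *app = app_first ? toy_malloc(32) : NULL;
    unsigned char *cap = toy_malloc(64);         /* buffer the "library" allocates */
    if (!app_first) app = toy_malloc(32);        /* lands directly after cap */
    buggy_capture(cap, 64, 8);                   /* overruns into whatever follows cap */
    return toy_free(app);
}

int main(void) {
    printf("app chunk allocated before capture buffer: %d\n", run_order(1));
    printf("app chunk allocated after capture buffer:  %d\n", run_order(0));
    return 0;
}
```

On a real system the overflowing write itself, rather than the later `free()` complaint, can be located by running the program under Valgrind or building it with AddressSanitizer.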
