[tcpdump-workers] libpcap causing segmentation fault

Tue, 14 Feb 2012 05:32:30 -0800 

We are running an application using libpcap 1.2.1, on CentOS 5.6 (64-bit), on a 
machine with a 10 gigabit NIC.  We have been using this application for several 
years, using previous versions of libpcap, previous versions of Linux, and 
other NIC's, without any problems.  Also, the current version of the 
application seems to work fine on RHEL 3.8.

However, with this environment [libpcap 1.2.1, CentOS 5.6 (64-bit), 10 gigabit 
NIC], the application is repeatedly crashing with a segmentation fault.  Here 
is the stack trace info from gdb:

    #0 _recv (useless=<value optimized out>, pread=0x2aaab0106662 <Address 
0x2aaab0106662 out of bounds>) at SocketServer.cpp:67
    #1 0x00002b55582858fa in pcap_read_linux_mmap (handle=0x2aaaac0016e0, 
max_packets=-1, callback=0x411d78 <_recv(u_char*, pcap_pkthdr const*, u_char 
const*)>, user=0x0) at ./pcap-linux.c:4037
    #2 0x00002b5558288118 in pcap_loop (p=0x2aaaac0016e0, cnt=-1, 
callback=0x411d78 <_recv(u_char*, pcap_pkthdr const*, u_char const*)>, 
user=0x0) at ./pcap.c:527
    #3 0x0000000000411c58 in SocketServer::run (this=0x42beec70) at 
SocketServer.cpp:238
    #4 0x0000000000404e14 in socketServerThread (pointer=0x2b5558b30018) at 
PacketRelay.cpp:29
    #5 0x0000003fb280673d in start_thread () from /lib64/libpthread.so.0 
    #6 0x0000003fb1cd40cd in clone () from /lib64/libc.so.6

As you can see, the segfault happens in our callback function [_recv()], which 
is called by pcap_read_linux_mmap().  According to gdb, the pointer argument 
pread holds an invalid address.  And indeed, the segfault happens in the 
callback function as soon as the attempt is made to read from that address.

In other words, pcap_read_linux_mmap() is passing an invalid pointer to the 
callback.

This crash sometimes happens after the application has been running for several 
hours or days.  Also noteworthy is the fact that it has happened at times when, 
to the best of my knowledge, the application was not even receiving any network 
traffic.

Any ideas as to what may be causing this would be much appreciated.

Thanks,

Moshe

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Reply via email to