[Bug 107180] Re: Segmentation Fault
This bug was fixed in the package sniffit - 0.3.7.beta-13ubuntu1 --- sniffit (0.3.7.beta-13ubuntu1) karmic; urgency=low [ Karoly Segesdi ] * #include more headers, so that prototyes are correctly defined, avoiding some crashes. (LP: #107180) -- James Westby james.wes...@ubuntu.com Mon, 08 Jun 2009 11:53:18 +0100 ** Changed in: sniffit (Ubuntu) Status: Confirmed = Fix Released -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
This bug is caused by implicit declarations of functions coming from string.h, which in turn is caused by missing #include statements. I have fixed all implicit declarations by providing the neccessary #include statements. Please see attached patch agains 0.3.7.beta-13. Hope this helps. ** Attachment added: patch agains 0.3.7.beta-13 http://launchpadlibrarian.net/26757346/sniffit-beta13-vrm.patch -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
** Changed in: sniffit (Ubuntu) Status: Invalid = Confirmed -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
This bug still exists in Ubuntu 9.04 64-bit. -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
No progress on this bug, and so I'm marking it as invalid. ** Changed in: sniffit (Ubuntu) Status: Confirmed = Invalid -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
It sounds like this is an application bug, so reassigning back there. I suggest using the valgrind tool to pinpoint the location of the problem more precisely. ** Changed in: sniffit (Ubuntu) Sourcepackagename: linux-source-2.6.20 = sniffit -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
(Seriously, it really is very likely that this is an application bug. For example, one of the variables involved being the wrong type or strtok() being declared with the wrong prototype or something like that would easily cause this kind of thing. While it's not impossible that the libc or gcc is broken, that is not the most probable answer, and the evidence doesn't point that way yet. valgrind should help, as will ensuring that you're compiling the code with a reasonable set of gcc warning options enabled. The compiler is your friend ...) -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
From the susv3 manual: char *strtok(char *restrict s1, const char *restrict s2); The first call in the sequence searches the string pointed to by s1 for the first byte that is not contained in the current separator string pointed to by s2. If no such byte is found, then there are no tokens in the string pointed to by s1 and strtok() shall return a null pointer. If such a byte is found, it is the start of the first token. The correct output from glibc is NULL. -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
Hi Jeff, thanks for helping. I have seen similar manual pages, and also the GNU one (for instance http://www.gnu.org/software/libc/manual/html_node/Finding-Tokens-in-a-String.html). If you read yours carefully, it said that if there is no byte is s1 which is not in s2 than it returns NULL. I've checked the behaviour of strtok (and also strtok_r and strsep) with a simple program and they behave in accordance to the manual. I've checked both without a debugger and with, so I could see the values and addresses of all variables at every step, and all of these were in accordance to manual. I've not yet managed to compile sniffit with debug support; I wanted to check that the string returned by hlp2 is indeed a null terminated string (which is as in the manual and I've seen in my sample program). If it is not that would explain the SIGSEGV. For the time being this is just a wild guess (as well as why it wouldn't). -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
Just to make things clearer (I hope), I modified the snippet above as follows: strncpy(hlp,optarg,299); printf(hlp :%x-\n, hlp); printf(hlp :%s-\n, hlp); hlp2=strtok(hlp,:); printf(hlp :%x-\n, hlp); printf(hlp :%s-\n, hlp); printf(hlp2 :%x-\n, hlp2); IP[255]=0; strncpy(IP,hlp,255); Now, if I run the program as sudo sniffit -t192.1.100.1 I get the following: hlp :fd6089d0- hlp :192.1.100.1- hlp :fd6089d0- hlp :192.1.100.1- hlp2 :fd6089d0- Supported Network device found. (eth0) Sniffit.0.3.7 Beta is up and running (192.1.100.1) Note that hlp and hlp2 both point to the same NULL terminated string. The only difference is that hlp is size bound. If I insert a printf of hlp2 of I try to use it I get a SIGSEGV. If I run the program as sudo sniffit -t192.1.100.1:80 I get the following: hlp :579cfd90- hlp :192.1.100.1:80- hlp :579cfd90- hlp :192.1.100.1- hlp2 :579cfd90- Supported Network device found. (eth0) Sniffit.0.3.7 Beta is up and running (192.1.100.1) Again, hlp and hlp2 are pointing to the same NULL terminated string but any attempt to use hlp2 lead to SIGSEGV. hlp can be used with no problem!? -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
The kernel mem subsystem and glibc are extremely well tested, it is highly unlikely these are the cause of the problems. User level app bugs are by far the most likely explanation. If hlp and hlp2 point to the same memory, they should behave the same when accessed. Unfortunately, the above printf statements do not prove hlp and hlp2 are the same on a 64 bit system. The printfs printf(hlp :%x-\n, hlp); printf(hlp2 :%x-\n, hlp2); are printing the low 4 bytes of the 8 byte pointer values. These should be alterred to use %p, i.e. printf(hlp :%p-\n, hlp); printf(hlp2 :%p-\n, hlp2); Only then can you know that hlp and hlp2 point to the same memory. Secondly, the printf of the hlp2 value should be moved to immediately before it is referenced, in the above code it is possible that IP[255] = 0; is corrupting hlp2 (if, for instance, IP is not 255 bytes long, IP[255] may be addressing a byte within the hlp2 pointer). ** Changed in: linux-source-2.6.20 (Ubuntu) Status: Confirmed = Needs Info -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
Thanks Phillip! I think we are getting somewhere. Here is the modified snippet: hlp[299]=0; strncpy(hlp,optarg,299); printf(hlp :%p-\n, hlp); printf(hlp :%s-\n, hlp); hlp2=strtok(hlp,:); printf(hlp :%p-\n, hlp); printf(hlp :%s-\n, hlp); printf(hlp2 :%p-\n, hlp2); printf(hlp2 :%s-\n, hlp2); IP[255]=0; strncpy(IP,hlp,255); And here the result for sudo sniffit -t192.1.100.1: hlp :0x7fff9c7e1bb0- hlp :192.1.100.1- hlp :0x7fff9c7e1bb0- hlp :192.1.100.1- hlp2 :0x9c7e1bb0- Segmentation fault So, indeed the two pointers are not the same. Do you understand why hlp2 is 64 bytes long (is it a logical address?). Do you understand why the high byte of hlp2 when truncated to 48 bytes is f (not 7)? Still, it doesn't look like this is an app bug, but a libc or gcc bug? -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
** Changed in: linux-source-2.6.20 (Ubuntu) Sourcepackagename: gcc-4.1 = linux-source-2.6.20 -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
** Changed in: gcc-4.1 (Ubuntu) Sourcepackagename: linux-source-2.6.20 = gcc-4.1 Status: Needs Info = Confirmed -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
Oh my my, do I write like a coyote or what? I meant bits not bytes in previous post. Just a wild guess here, but is it so impossible that there is a bug in the segmentation code? Any idea how to debug this further? -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
Log ** Attachment added: Crash log http://librarian.launchpad.net/7338919/_usr_sbin_sniffit.1000.crash -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
Alessio, one of the calls to the library strncpy() function in sniffit contains illegal data (which results in a the application trying to access a memory location outside of its address space). My guess is that this is the one in sn_analyse.c You should recompile sniffit with debug support and use gdb to check this (and possibly the other four calls in sniffit.0.3.7) setting appropriate breakpoints and checking the values of the variables involved (I would pay attention to the value of MTU). Once we identify the guilty call and associated variable(s) we can try to trace it back to the bug that causes it. ** Changed in: sniffit (Ubuntu) Status: Unconfirmed = Needs Info -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
After some more investigations I believe there could be a problem with the C library strtok() function. the outpur of strtok(62.94.1.193, : ) should be 62.94.1.193; it is however NULL I also tried the reentrant strsep() but with similar results. I'm still investigating. ** Changed in: glibc (Ubuntu) Sourcepackagename: sniffit = glibc Status: Needs Info = Confirmed -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 107180] Re: Segmentation Fault
I'm wondering if this could be a memory management/kernel issue or perhaps a gcc one. Here is a snippet of the code which is causing the SIGSEG (there are other similar ones): char hlp[300], *hlp2; hlp[299]=0; strncpy(hlp,optarg,299); hlp2=(char *)strtok(hlp,:); IP[255]=0; strncpy(IP,hlp2,255); the last strncpy() is causing the fault. Any access (with a printf or whatever) to the memory location pointed to by hpl2 causes the fault. Note that, as expected, hlp2==hlp but hlp can be accessed (for instance with a strncpy(IP,hlp,255)) without causing any fault , hlp2 not!? Both Alessio and I have the 64 bits ubuntu. ** Changed in: linux-source-2.6.20 (Ubuntu) Sourcepackagename: glibc = linux-source-2.6.20 -- Segmentation Fault https://bugs.launchpad.net/bugs/107180 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
