Issue #2 resolved

bgpdump 1.4.99.13 crashes on Ubuntu 9.10

luehr
created an issue

Hello,

I've some trouble using bgpdump v. 1.4.99.13 on Ubuntu 9.10 on http://archive.routeviews.org/bgpdata/2010.12/UPDATES/updates.20101201.1900.bz2 . While ./bgpdump -M /tmp/updates.20101201.1900.bz2 > /tmp/out is running fine on Mac OS 10.6 and FreeBSD 8.1, it crashes on Ubuntu 9.10...

For reproducing this issue I can provide a VM (VMWare) for download (or hosted).

{{{

!text

jan@ubuntu:~/libbgpdump-1.4.99.13$ ./bgpdump -v -M updates.20101201.1900.bz2 > /dev/null
2011-01-27 11:20:28 [error] too many prefixes (1007 > 1000)
2011-01-27 11:20:28 [error] too many prefixes (1035 > 1000)
2011-01-27 11:20:28 [error] too many prefixes (1015 > 1000)
2011-01-27 11:20:29 [error] too many prefixes (1032 > 1000)
glibc detected ./bgpdump: free(): invalid pointer: 0x09a2d0b8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0x5adff1]
/lib/tls/i686/cmov/libc.so.6[0x5af6f2]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x5b279d]
/lib/tls/i686/cmov/libc.so.6[0x5cc28e]
/lib/tls/i686/cmov/libc.so.6[0x5cc401]
/lib/tls/i686/cmov/libc.so.6(localtime+0x2f)[0x5caadf]
./bgpdump[0x80521f5]
./bgpdump(err+0x2f)[0x805235f]
./bgpdump[0x804e517]
./bgpdump[0x8050220]
./bgpdump[0x8050cba]
./bgpdump[0x804b39d]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x559b56]
./bgpdump[0x8049271]
======= Memory map: ========
002d3000-002ef000 r-xp 00000000 08:01 1115 /lib/libgcc_s.so.1
002ef000-002f0000 r--p 0001b000 08:01 1115 /lib/libgcc_s.so.1
002f0000-002f1000 rw-p 0001c000 08:01 1115 /lib/libgcc_s.so.1
00543000-00681000 r-xp 00000000 08:01 2716 /lib/tls/i686/cmov/libc-2.10.1.so
00681000-00683000 r--p 0013e000 08:01 2716 /lib/tls/i686/cmov/libc-2.10.1.so
00683000-00684000 rw-p 00140000 08:01 2716 /lib/tls/i686/cmov/libc-2.10.1.so
00684000-00687000 rw-p 00000000 00:00 0
00abe000-00ad9000 r-xp 00000000 08:01 1065 /lib/ld-2.10.1.so
00ad9000-00ada000 r--p 0001a000 08:01 1065 /lib/ld-2.10.1.so
00ada000-00adb000 rw-p 0001b000 08:01 1065 /lib/ld-2.10.1.so
00d9a000-00dae000 r-xp 00000000 08:01 1217 /lib/libz.so.1.2.3.3
00dae000-00daf000 r--p 00013000 08:01 1217 /lib/libz.so.1.2.3.3
00daf000-00db0000 rw-p 00014000 08:01 1217 /lib/libz.so.1.2.3.3
00f84000-00f94000 r-xp 00000000 08:01 23 /lib/libbz2.so.1.0.4
00f94000-00f95000 r--p 0000f000 08:01 23 /lib/libbz2.so.1.0.4
00f95000-00f96000 rw-p 00010000 08:01 23 /lib/libbz2.so.1.0.4
00faa000-00fab000 r-xp 00000000 00:00 0 [vdso]
08048000-08056000 r-xp 00000000 08:01 136456 /home/jan/libbgpdump-1.4.99.13/bgpdump
08056000-08057000 r--p 0000d000 08:01 136456 /home/jan/libbgpdump-1.4.99.13/bgpdump
08057000-08058000 rw-p 0000e000 08:01 136456 /home/jan/libbgpdump-1.4.99.13/bgpdump
09a12000-09a50000 rw-p 00000000 00:00 0 [heap]
b7300000-b7321000 rw-p 00000000 00:00 0
b7321000-b7400000 ---p 00000000 00:00 0
b748f000-b7800000 rw-p 00000000 00:00 0
b780d000-b7810000 rw-p 00000000 00:00 0
bff81000-bff96000 rw-p 00000000 00:00 0 [stack]
Aborted

}}}

Comments (8)

  1. Christoph Biedl

    Try the patch below

    --- a/bgpdump_lib.c
    +++ b/bgpdump_lib.c
    @@ -1239,11 +1239,16 @@
                 break;
             }
    
    -        struct prefix *prefix = prefixes + count;
    +        struct prefix *prefix;
    
    -        if(count++ > MAX_PREFIXES)
    -            continue;
    -
    +        if(count < MAX_PREFIXES) {
    +            prefix = prefixes + count;
    +        } else {
    +            /* read and discard */
    +            static struct prefix void_prefix;
    +            prefix = &void_prefix;
    +        }
    +        count++;
             *prefix = (struct prefix) { .len = p_len };
             mstream_get(s, &prefix->address, p_bytes);
         }
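
Review bot: `count++` after the new if/else still runs past MAX_PREFIXES, so once the loop ends `count` is the number of prefixes seen in the stream, not the number stored in `prefixes`. Any code after this loop that walks `prefixes` up to `count` has to clamp to MAX_PREFIXES first; that code is not part of this hunk, so please either confirm the clamp exists or add a comment here stating the contract. A smaller point on the else branch: `static struct prefix void_prefix` is shared, write-only scratch, and a block-local `struct prefix` would serve the same "read and discard" purpose without introducing static state.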
    