Guy Harris wrote:
>
> > By audit, do you mean a memory profiler, or glib's g_memory_profile
> > or something else ?
>
> I meant manual auditing, although David Frascone's suggestion of
> Electric Fence:
>
> http://perens.com/FreeSoftware/
>
> would probably also help. (Bruce's FTP server appears to be Really Slow
> right now, so it may be hard to download; however, RH 7.1 might come
> with Electric Fence, and I wouldn't be surprised if it weren't available
> from elsewhere.)
>
Yes it does (I just found it :-))
> BTW, if I run a reasonably recent Tethereal on your capture, it crashes:
>
> (gdb) where
> #0 0xef525460 in strlen () from /usr/lib/libc.so.1
> #1 0x573f4 in giop_hash_module_hash (v=0xefffe6dc) at packet-giop.c:1008
> #2 0xef760f74 in g_hash_table_lookup (hash_table=0x258268, key=0xefffe6dc)
> at ghash.c:114
> #3 0x57b64 in try_explicit_giop_dissector (tvb=0x2a2fbc, pinfo=0x257b28,
> tree=0x0, offset=0xefffe76c, header=0xefffe7e8,
> operation=0x279f90 "_get_height", repoid=0x28efd8 "StandardImplName/")
> at packet-giop.c:1791
> #4 0x59870 in dissect_giop_request_1_1 (tvb=0x2a2fbc, pinfo=0x257b28,
> tree=0x0, clnp_tree=0x0, header=0xefffe7e8, stream_is_big_endian=1)
> at packet-giop.c:3416
> #5 0x5a464 in dissect_giop (tvb=0x2a2f54, pinfo=0x257b28, tree=0x0)
> at packet-giop.c:3916
>
> ...
>
> The offending line in "giop_hash_module_hash()" is
>
> (gdb) frame 1
> #1 0x573f4 in giop_hash_module_hash (v=0xefffe6dc) at packet-giop.c:1008
> 1008 len = strlen(key->module);
>
> and "key->module" is null:
>
> (gdb) print v
> $4 = 0xefffe6dc
> (gdb) print *(struct giop_module_key *)v
> $5 = {module = 0x0}
Thanks, how come I didn't see this? Must have been lunch :-)
/frank..
--
EUS/SV/Z Frank Singleton ASO Americas BSS
Office : +1 972 583 3251 ECN 800 33251
Mobile : +1 214 228 0874 Amateur Radio: VK3FCS/KM5WS
Email : frank.singleton@xxxxxxxxxxxx
Hardware: HP Omnibook 4150 running Redhat Linux 7.1 (2.4.3-12 kernel).
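An added illustration of the fix pattern the backtrace above points at, not code from Ethereal's packet-giop.c: GLib calls the hash callback on the probe key before the equal callback, so both must tolerate a NULL `module`. The struct and callback names are taken from the frames above; the table helpers and the FNV-1a hash are constructed for this example and stand in for GLib.

```c
/* Constructed example; models g_hash_table_lookup() without GLib. */
#include <stddef.h>
#include <string.h>

struct giop_module_key {
    const char *module;   /* may be NULL, as in the crashing capture */
};

/* Hash callback: FNV-1a over the module string. A NULL module hashes to a
 * fixed value instead of reaching strlen(), which is what crashed in frame #1. */
unsigned int giop_hash_module_hash(const void *v)
{
    const struct giop_module_key *key = v;
    unsigned int h = 2166136261u;
    if (key == NULL || key->module == NULL)
        return h;                     /* defined result, no dereference */
    for (const unsigned char *p = (const unsigned char *)key->module; *p; p++) {
        h ^= *p;
        h *= 16777619u;
    }
    return h;
}

/* Equality callback: keys match only when both modules are non-NULL and equal. */
int giop_hash_module_equal(const void *a, const void *b)
{
    const struct giop_module_key *ka = a, *kb = b;
    if (ka == NULL || kb == NULL || ka->module == NULL || kb->module == NULL)
        return 0;
    return strcmp(ka->module, kb->module) == 0;
}

/* Minimal chained table (constructed) so the callbacks run end to end. */
#define NBUCKETS 8
struct entry { const struct giop_module_key *key; const char *value; struct entry *next; };
static struct entry *buckets[NBUCKETS];
static struct entry pool[16];
static int used;

void module_table_insert(const struct giop_module_key *key, const char *value)
{
    if (key == NULL || key->module == NULL || used >= 16)
        return;                       /* refuse to register a NULL module */
    unsigned int b = giop_hash_module_hash(key) % NBUCKETS;
    pool[used] = (struct entry){ key, value, buckets[b] };
    buckets[b] = &pool[used++];
}

const char *module_table_lookup(const struct giop_module_key *key)
{
    unsigned int b = giop_hash_module_hash(key) % NBUCKETS;   /* hash runs first, as in GLib */
    for (struct entry *e = buckets[b]; e; e = e->next)
        if (giop_hash_module_equal(e->key, key))
            return e->value;
    return NULL;
}
```

A lookup with `{module = 0x0}` now returns NULL instead of faulting inside the hash callback; the dissector can also reject such a key before calling the table at all.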