We're updating the issue view to help you get more done. 

BroString::Set() Attempts Allocation of Negative-Length Memory

Description

When the tcp_packet() event is used, Bro may attempt to allocate memory that is negative in length (i.e. -6 bytes). Bro crashes with the following output:

tcmalloc: large alloc 0 bytes == (nil) @ 0x7f6abeaefc73 0x7f6abeb111c3 0x765e81 0x765b24 0x872562 0xaddc2f 0xaded94 0xb7aeca 0x775180 0x84105b 0x83f5c0 0x83f39d 0x7fb1bc 0xb3cde6 0x7fb3d9 0x750e98 0x7f6abdaf4ec5 0x72e553 (nil)
out of memory in new.
1103139821.634774 fatal error: out of memory in new.

The attached pcap file and bro script cause such a crash when run with the following command:

/usr/local/bro/bin/bro -r lbl-internal.20041215-1142.port004.dump.anon /usr/local/bro/share/bro/site/negativeMemory.bro

A core file is not being generated for me, despite following the directions for reporting problems (https://www.bro.org/support/reporting-problems.html#getting-more-information-after-acrash). The file named memory_trace.log shows an alternatively formatted traceback of the stack when the error occurs.

Environment

Linux Mint 17.1 (Ubuntu 14.04) on bare metal and in a VirtualBox VM.
Mac OS X 10.10.3

Status

Assignee

Robin Sommer

Reporter

Jonathan Ganz

Labels

External issue ID

None

Components

Fix versions

Affects versions

2.3
2.4

Priority

Normal