Segmentation fault on latest bro svn with dhcp.bro and --use-binpac

Description

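Hi,
When I run bro150pre (compiled with IPv6 support) with --use-binpac, -r joignedfile.pcap and the dhcp (dhcp.bro) script loaded, I get a segmentation fault.
Same problem with bro v1.4.0.
In the backtrace below, frame #0 (Connection::Weird) is entered with this=0x201, which is not a valid object address, so the crash appears to happen when the binpac DHCP analyzer reports the "DHCP_no_type_option" weird through a bad Connection pointer. Because this path is reached from packet parsing, the same traffic would presumably also stop Bro when it is monitoring a live interface.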

Program received signal SIGSEGV, Segmentation fault.
Connection::Weird (this=0x201, name=0x82565ee "DHCP_no_type_option")
at Conn.cc:636
636 weird = 1;
(gdb) bt full
#0 Connection::Weird (this=0x201, name=0x82565ee "DHCP_no_type_option")
at Conn.cc:636
No locals.
0x081e9711 in binpac::DHCP::DHCP_Flow::get_dhcp_msgtype (this=0x9dc0e78,
options=0x9dc10f8) at ../src/Analyzer.h:245
type = <value optimized out>
0x081eb303 in binpac::DHCP::DHCP_Message::Parse (this=0x9dc2980,
t_begin_of_data=0x9daff0c "\001\001\006", t_end_of_data=0x9db0038 "",
t_context=0x9dc1758) at dhcp_pac.cc:559
t_options__elem__size = <value optimized out>
t_options__elem__dataptr = (const_byteptr) 0x9dafffd ""
t_DHCP_Message__size = 241
t_dataptr_after_options = <value optimized out>
__PRETTY_FUNCTION__ = "int binpac::DHCP::DHCP_Message::Parse(const
binpac::uint8*, const binpac::uint8*, binpac::DHCP::ContextDHCP*)"
0x081eb48c in binpac::DHCP::DHCP_Flow::NewData (this=0x9dc0e78,
t_begin_of_data=0x9daff0c "\001\001\006", t_end_of_data=0x9db0038 "")
at dhcp_pac.cc:635
No locals.
0x08071c8d in Analyzer::NextPacket (this=0x9dc0e20, len=300,
data=0x9daff0c "\001\001\006", is_orig=true, seq=-1, ip=0xbfaaec7c,
caplen=136668654) at Analyzer.cc:334
No locals.
---Type <return> to continue, or q <return> to quit---
0x08071e9a in Analyzer::ForwardPacket (this=0x9dc1d10, len=300,
data=0x9daff0c "\001\001\006", is_orig=true, seq=-1, ip=0xbfaaec7c,
caplen=300) at Analyzer.cc:426
current = (Analyzer *) 0x9dc0e20
i = <value optimized out>
0x081b3842 in UDP_Analyzer::DeliverPacket (this=0x9dc1d10, len=300,
data=0x9daff04 "", is_orig=true, seq=-1, ip=0xbfaaec7c,
caplen=<value optimized out>) at UDP.cc:166
vl = (val_list *) 0x9dc1cfc
port_val = {<Val> = {<BroObj> = {<SerialObj> = {
_vptr.SerialObj = 0xb88120, static NEVER = 0, static ALWAYS = 1,
static factories = 0x9b4e930, static names = 0x9b4e950,
static time_counter = 483}, in_ser_cache = 8, location = 0xbfaaea98,
ref_cnt = 11144894, static suppress_runtime = 0},
static register_type = {<No data fields>}, tid = {id = 171810783520,
static counter = 44910}, val = {int_val = 165422456,
uint_val = 165422456, addr_val = 0x9dc2578, subnet_val = {net = {
165422456, 165412884, 8, 3215649464}, width = 135472165},
double_val = 3.5568581552422788e-261, string_val = 0x9dc2578,
func_val = 0x9dc2578, file_val = 0x9dc2578, re_val = 0x9dc2578,
table_val = 0x9dc2578, val_list_val = 0x9dc2578,
vector_val = 0x9dc2578}, type = 0x28, attribs = 0x9dc1cfc},

static register_type = {<No data fields>}, tid = {id = 710444731003305986,

---Type <return> to continue, or q <return> to quit---
static counter = 44910}}
result = <value optimized out>
ulen = 300
__PRETTY_FUNCTION__ = "virtual void UDP_Analyzer::DeliverPacket(int,
const u_char*, bool, int, const IP_Hdr*, int)"
0x08071c8d in Analyzer::NextPacket (this=0x9dc1d10, len=308,
data=0x9daff04 "", is_orig=true, seq=-1, ip=0xbfaaec7c, caplen=136668654)
at Analyzer.cc:334
No locals.
0x080858e5 in Connection::NextPacket (this=0x9dc1c6c, t=1257158012.610261,
is_orig=1, ip=0xbfaaec7c, len=308, caplen=308, data=@0xbfaaebdc,
record_packet=@0xbfaaebd8, record_content=@0xbfaaebd4, hdr=0x9dafa40,
pkt=0x9dafee2 "", hdr_size=14) at Conn.cc:247
No locals.
0x08183a8d in NetSessions::DoNextPacket (this=0x9dbfee8,
t=1257158012.610261, hdr=0x9dafa40, ip_hdr=0xbfaaec7c,
pkt=0x9dafee2 "", hdr_size=14) at Sessions.cc:663
ih = <value optimized out>
caplen = 308
ip4 = (const ip *) 0x9dafef0
len = <value optimized out>
proto = 17
f = (class FragReassembler *) 0x0
---Type <return> to continue, or q <return> to quit---
frag_field = <value optimized out>
min_hdr_len = <value optimized out>
data = (const u_char *) 0x9daff04 ""
id = {src_addr = 0xbfaaec84, dst_addr = 0xbfaaec94, src_port = 17408,

dst_port = 17152, is_one_way = false}

d = (class Dictionary *) 0x9dc0008
pass_to_conn_compressor = <value optimized out>
h = (HashKey *) 0x9d2eb58
conn = (class Connection *) 0x9dc1c6c
record_packet = 1
record_content = 1
0x081841ed in NetSessions::NextPacket (this=0x9dbfee8,
t=1257158012.610261, hdr=0x9dafa40, pkt=0x9dafee2 "", hdr_size=14,
pkt_elem=0x0) at Sessions.cc:305
ip_hdr = {ip4 = 0x9dafef0, ip6 = 0x0, src_addr = {0, 0, 0, 0},

dst_addr = {0, 0, 0, 4294967295}, del = 0}

0x0813f2a1 in net_packet_dispatch (t=1257158012.610261, hdr=0x9dafa40,
pkt=0x9dafee2 "", hdr_size=14, src_ps=0x9dafa08, pkt_elem=0x0)
at Net.cc:435
tmgr = <value optimized out>
sp = <value optimized out>
load_freq = 0
0x0813f7a9 in net_packet_arrival (t=1257158012.610261, hdr=0x9dafa40,
---Type <return> to continue, or q <return> to quit---
pkt=0x9dafee2 "", hdr_size=14, src_ps=0x9dafa08) at Net.cc:498
No locals.
0x0814e5bf in PktSrc::Process (this=0x9dafa08) at PktSrc.cc:199
No locals.
0x0813f527 in net_run () at Net.cc:528
ts = 1257158012.610261
src = (IOSource *) 0x201
0x0804f80f in main (argc=1346586692, argv=0xbfaaf144) at main.cc:999
flow = FLOW_NEXT
f = {<BroObj> = {<SerialObj> = {_vptr.SerialObj = 0x8249f28,
static NEVER = 0, static ALWAYS = 1, static factories = 0x9b4e930,
static names = 0x9b4e950, static time_counter = 483},
in_ser_cache = false, location = 0x0, ref_cnt = 1,
static suppress_runtime = 0}, frame = 0x9dc0478, size = 1194,

function = 0x0, func_args = 0x0, next_stmt = 0x0,

break_before_next_stmt = false, break_on_return = false, trigger = 0x0,

call = 0x0, delayed = false}

interfaces = {<BaseList> = {entry = 0x9b52538, chunk_size = 10,
max_entries = 10, num_entries = 0}, <No data fields>}
read_files = {<BaseList> = {entry = 0x9b52568, chunk_size = 10,
max_entries = 10, num_entries = 1}, <No data fields>}
netflows = {<BaseList> = {entry = 0x9b52598, chunk_size = 10,
max_entries = 10, num_entries = 0}, <No data fields>}
---Type <return> to continue, or q <return> to quit---
flow_files = {<BaseList> = {entry = 0x9b525c8, chunk_size = 10,
max_entries = 10, num_entries = 0}, <No data fields>}
rule_files = {<BaseList> = {entry = 0x9b525f8, chunk_size = 10,
max_entries = 10, num_entries = 1}, <No data fields>}
transformed_writefile = 0x0
bst_file = 0x0
id_name = 0x0
events_file = 0x0
seed_load_file = 0x0
seed_save_file = 0x0
seed = 0
dump_cfg = 0
do_watchdog = 0
override_ignore_checksums = 0
rule_debug = 0
RE_level = 4
dns_type = DNS_FAKE
oldhandler = <value optimized out>
p = <value optimized out>
long_optsind = 35
opts = "A:a:B:e:f:I:i:K:n:R:r:s:T:t:U:w:x:X:y:Y:z:CFGHLOPSWdghlv",
'\0' <repeats 195 times>
op = <value optimized out>
---Type <return> to continue, or q <return> to quit---
script_rule_files = <value optimized out>
tmp = 0x0
s = <value optimized out>
bro_alarm_file = <value optimized out>
bro_init = {handler = 0x9b6d138}
dead_handlers = <value optimized out>
alive_handlers = <value optimized out>
long_opts = {{name = 0x82251d9 "debug-policy", has_arg = 0,
flag = 0x0, val = 100}, {name = 0x82251e6 "dump-config", has_arg = 0,
flag = 0x0, val = 103}, {name = 0x82251f2 "exec", has_arg = 1, flag = 0x0,
val = 101}, {name = 0x823bc9d "filter", has_arg = 1, flag = 0x0,
val = 102}, {name = 0x82251f7 "help", has_arg = 0, flag = 0x0, val = 104},

{name = 0x82251fc "iface", has_arg = 1, flag = 0x0, val = 105}, {

name = 0x8225202 "print-scripts", has_arg = 0, flag = 0x0, val = 108}, {
name = 0x82507d3 "prefix", has_arg = 1, flag = 0x0, val = 112}, {
name = 0x8225210 "readfile", has_arg = 1, flag = 0x0, val = 114}, {
name = 0x8225219 "flowfile", has_arg = 1, flag = 0x0, val = 121}, {
name = 0x8225222 "netflow", has_arg = 1, flag = 0x0, val = 89}, {
name = 0x822522a "rulefile", has_arg = 1, flag = 0x0, val = 115}, {
name = 0x8225233 "tracefile", has_arg = 1, flag = 0x0, val = 116}, {
name = 0x822523d "writefile", has_arg = 1, flag = 0x0, val = 119}, {
name = 0x824698f "version", has_arg = 0, flag = 0x0, val = 118}, {
name = 0x8225247 "print-state", has_arg = 1, flag = 0x0, val = 120}, {
---Type <return> to continue, or q <return> to quit---
name = 0x8225253 "analyze", has_arg = 1, flag = 0x0, val = 122}, {
name = 0x822525b "transfile", has_arg = 1, flag = 0x0, val = 65}, {
name = 0x8225265 "no-checksums", has_arg = 0, flag = 0x0, val = 67}, {
name = 0x8225272 "dfa-cache", has_arg = 1, flag = 0x0, val = 68}, {
name = 0x822527c "force-dns", has_arg = 0, flag = 0x0, val = 70}, {
name = 0x8225286 "load-seeds", has_arg = 1, flag = 0x0, val = 71}, {
name = 0x8225291 "save-seeds", has_arg = 1, flag = 0x0, val = 72}, {
name = 0x822529c "set-seed", has_arg = 1, flag = 0x0, val = 74}, {
name = 0x82252a5 "md5-hashkey", has_arg = 1, flag = 0x0, val = 75}, {
name = 0x82252b1 "rule-benchmark", has_arg = 0, flag = 0x0, val = 76}, {
name = 0x82252c0 "optimize", has_arg = 0, flag = 0x0, val = 79}, {
name = 0x82252c9 "prime-dns", has_arg = 0, flag = 0x0, val = 80}, {
name = 0x82252d3 "replay", has_arg = 1, flag = 0x0, val = 82}, {
name = 0x82252da "debug-rules", has_arg = 0, flag = 0x0, val = 83}, {
name = 0x82252e6 "re-level", has_arg = 1, flag = 0x0, val = 82}, {
name = 0x82252ef "watchdog", has_arg = 0, flag = 0x0, val = 87}, {
name = 0x82252f8 "print-id", has_arg = 1, flag = 0x0, val = 73}, {
name = 0x8225301 "status-file", has_arg = 1, flag = 0x0, val = 85}, {
name = 0x822530d "pseudo-realtime", has_arg = 2, flag = 0x0, val = 69}, {
name = 0x822531d "use-binpac", has_arg = 0, flag = 0x82b3d48, val = 1}, {
name = 0x0, has_arg = 0, flag = 0x0, val = 0}}

Regards
Rmkml
Crusoe-Researches.com

Environment

None

Assignee

Unassigned

Reporter

rmkml

External issue ID

198

Components

Affects versions

Priority

Normal