[Lognorm] liblognorm - segfault issue - Debian Wheezy
Rainer Gerhards
rgerhards at hq.adiscon.com
Thu Mar 31 16:10:02 CEST 2011
OK, this is the problem:
Sagan - for good reason ;) - uses the most recent devel branch of liblognorm,
e.g. with "quoted-string" support. However, this is only available in git.
The currently released 0.1.0 does not support it AND aborts if it encounters
it (instead of gracefully erroring out). So the quick cure is to use the git
versions of the libs. Of course, I'll see that I do a couple of fresh
releases, hopefully tomorrow ;)
I have not completed the analysis 100%, but what I said is the cause with
99.9% probability. Will check the rest and post if it makes a difference (but
only then).
Rainer
> -----Original Message-----
> From: lognorm-bounces at lists.adiscon.com [mailto:lognorm-
> bounces at lists.adiscon.com] On Behalf Of Rainer Gerhards
> Sent: Thursday, March 31, 2011 12:47 PM
> To: lognorm
> Subject: Re: [Lognorm] liblognorm - segfault issue - Debian Wheezy
>
> Champ,
>
> Tom had reproduced the issue with Sagan and not with liblognorm tools
> themselves (as I had expected). So I began the analysis new this morning.
It
> looks like the liblognorm tools do not have any issue loading the rulebase.
> HOWEVER, I accidently tried an older version of it on one machine, and that
> one immediately blew up. I wonder if this could be the cause of the problem
> (too-old libs). But now it comes handy that Tom could reproduce with Sagan.
> I'll check what he has done and uses. If it is not an too-old version, and
so it
> appears only under Sagan, we need to join forces in order to debug it.
> Will let you know what I find out!
>
> Rainer
>
> > -----Original Message-----
> > From: lognorm-bounces at lists.adiscon.com [mailto:lognorm-
> > bounces at lists.adiscon.com] On Behalf Of Champ Clark III [Softwink]
> > Sent: Monday, March 21, 2011 3:38 PM
> > To: lognorm at lists.adiscon.com
> > Subject: [Lognorm] liblognorm - segfault issue - Debian Wheezy
> >
> >
> > Rainer,
> >
> > I received a report from a Sagan user that loading the normalization
> > files in Sagan is causing a segfault. I've not been able to reproduce
> > it
> myself
> > and I'm actively using the cisco-normalize.rulebase file in
> > production. I
> had
> > him run Sagan through gdb, and this is the editted output.
> >
> > It seems to load the first normalization rulebase fine, and blows up
> > on the cisco-normalize.rulebase.
> >
> > Program received signal SIGSEGV, Segmentation fault.
> > 0xb7fa1673 in ln_buildPTree () from /usr/lib/liblognorm.so.0
> > (gdb) bt
> > #0 0xb7fa1673 in ln_buildPTree () from /usr/lib/liblognorm.so.0
> > #1 0xb7fa21d9 in ln_sampRead () from /usr/lib/liblognorm.so.0
> > #2 0xb7fa01c3 in ln_loadSamples () from /usr/lib/liblognorm.so.0
> > #3 0x0804b4fc in main (argc=1, argv=0xbffffb74) at sagan.c:424
> > (gdb)
> >
> >
> > This is line 424 in sagan.c (it's the ln_loadSamples line)
> >
> > --<Snip>---
> > if (stat(liblognormtoloadstruct[i].filepath, &fileinfo)) sagan_log(1,
> > "%s
> was
> > not fonnd.", liblognormtoloadstruct[i].filepath);
> > ln_loadSamples(ctx, liblognormtoloadstruct[i].filepath);
> > --<snip>----
> >
> > I've attached the cisco-normalize.rulebase file as well. Any
> > ideas? I'm going to see if I can't somehow reproduce this. This was on
> > a Debian Wheezy box. I'll find out if he built the
> > libestr/libee/liblognorm himself or if he used the Debian package.
> >
> > Be back with more information shortly :)
> >
> > Thanks.
> > --
> > Champ Clark III | Softwink, Inc | 800-538-9357 x 101
> > http://www.softwink.com
> >
> > GPG Key ID: 58A2A58F
> > Key fingerprint = 7734 2A1C 007D 581E BDF7 6AD5 0F1F 655F 58A2 A58F
> > If it wasn't for C, we'd be using BASI, PASAL and OBOL.
> _______________________________________________
> Lognorm mailing list
> Lognorm at lists.adiscon.com
> http://lists.adiscon.net/mailman/listinfo/lognorm
More information about the Lognorm
mailing list