[Lognorm] liblognorm - segfault issue - Debian Wheezy

Rainer Gerhards rgerhards at hq.adiscon.com
Thu Mar 31 12:46:34 CEST 2011


Champ,

Tom had reproduced the issue with Sagan and not with liblognorm tools
themselves (as I had expected). So I began the analysis anew this morning. It
looks like the liblognorm tools do not have any issue loading the rulebase.
HOWEVER, I accidentally tried an older version of it on one machine, and that
one immediately blew up. I wonder if this could be the cause of the problem
(too-old libs). But now it comes in handy that Tom could reproduce with Sagan.
I'll check what he has done and uses. If it is not a too-old version, and so
it appears only under Sagan, we need to join forces in order to debug it.
Will let you know what I find out!

Rainer

> -----Original Message-----
> From: lognorm-bounces at lists.adiscon.com [mailto:lognorm-
> bounces at lists.adiscon.com] On Behalf Of Champ Clark III [Softwink]
> Sent: Monday, March 21, 2011 3:38 PM
> To: lognorm at lists.adiscon.com
> Subject: [Lognorm] liblognorm - segfault issue - Debian Wheezy
> 
> 
> 	Rainer,
> 
> 	I received a report from a Sagan user that loading the normalization
> files in Sagan is causing a segfault.  I've not been able to reproduce it
> myself and I'm actively using the cisco-normalize.rulebase file in
> production.  I had him run Sagan through gdb, and this is the edited output.
> 
> 	It seems to load the first normalization rulebase fine,  and blows up
> on the cisco-normalize.rulebase.
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0xb7fa1673 in ln_buildPTree () from /usr/lib/liblognorm.so.0
> (gdb) bt
> #0 0xb7fa1673 in ln_buildPTree () from /usr/lib/liblognorm.so.0
> #1 0xb7fa21d9 in ln_sampRead () from /usr/lib/liblognorm.so.0
> #2 0xb7fa01c3 in ln_loadSamples () from /usr/lib/liblognorm.so.0
> #3 0x0804b4fc in main (argc=1, argv=0xbffffb74) at sagan.c:424
> (gdb)
> 
> 
> 	This is line 424 in sagan.c (it's the ln_loadSamples line)
> 
> --<Snip>---
> if (stat(liblognormtoloadstruct[i].filepath, &fileinfo)) sagan_log(1, "%s was not fonnd.", liblognormtoloadstruct[i].filepath);
> ln_loadSamples(ctx, liblognormtoloadstruct[i].filepath);
> --<snip>----
> 
> 	I've attached the cisco-normalize.rulebase file as well.   Any
> ideas?  I'm going to see if I can't somehow reproduce this.  This was on
> a Debian Wheezy box.   I'll find out if he built the
> libestr/libee/liblognorm himself or if he used the Debian package.
> 
> 	Be back with more information shortly :)
> 
> 	Thanks.
> --
>         Champ Clark III | Softwink, Inc | 800-538-9357 x 101
>                      http://www.softwink.com
> 
> GPG Key ID: 58A2A58F
> Key fingerprint = 7734 2A1C 007D 581E BDF7  6AD5 0F1F 655F 58A2 A58F
> If it wasn't for C, we'd be using BASI, PASAL and OBOL.

