Nmap Development mailing list archives

Re: NSE/Nsock segfault, script timeouts, NSE runlevel, etc


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 18 May 2009 16:31:29 +0000


On Sun, 17 May 2009 23:40:54 -0600 or thereabouts Patrick Donnelly
<batrick () batbytes com> wrote:

> The faulty assumption the nsock library binding is making is that
> the thread will not be collected before the callback. This will be
> corrected in the future (in the forthcoming rework of nse_nsock.cc)
> by having each socket userdata maintain a reference to the thread.
>
> This is definitely not the easiest of bugs to reproduce, even knowing
> the cause. The SEGFAULT does not always happen so you should use
> valgrind to verify the invalid use of freed memory is occurring. I
> have applied a temporary patch pending the nsock library review in
> r13331. NSE now keeps a reference to the thread in the nsock userdata
> environment table to prevent collection so long as there are pending
> events.


ACK.  This bug was very hard for me to reproduce too.  With David's
help I learned a lot about Valgrind and GDB though which are proving to
be very valuable skills.

I applied your patch and started a big series of scans.  So far 10,000
have finished and not a single one has crashed.  Without the patch I was
getting about 1/1000 hosts crashing.

When the scans finish in about 6 days I'll send a note along with what,
if anything, crashed.

Brandon

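As an added illustration, not code from Nmap or from anyone in this thread, the Lua below models the faulty assumption Patrick describes: the C side of the binding holds the suspended script thread only through a pointer the collector cannot see, so the thread can be collected while its nsock event is still pending, and parking a reference in the socket's environment table is what keeps it alive. The names receive, start_thread and scenario are hypothetical stand-ins; the weak-keyed table models the invisible C pointer.

```lua
-- Added model of the lifetime bug discussed above; it is not Nmap code.
-- The C side of the nsock binding held the waiting Lua thread only as a raw
-- pointer, invisible to the collector: a weak-keyed table models that.
local pending = setmetatable({}, { __mode = "k" })

-- Model of sock:receive(): register the running thread for a callback and
-- yield until the event loop delivers data. `sock.env` stands in for the
-- userdata environment table where r13331 parks the thread reference.
local function receive(sock, anchor)
  local co = coroutine.running()
  if anchor then
    sock.env.thread = co   -- the fix: thread stays reachable while pending
  end
  pending[co] = true
  return coroutine.yield()
end

-- Start a script thread in its own frame so no stale register in the
-- caller keeps the coroutine alive after this function returns.
local function start_thread(sock, anchor, result)
  local co = coroutine.create(function()
    result.data = receive(sock, anchor)
  end)
  coroutine.resume(co)   -- runs until the yield inside receive()
end

-- Drop every Lua-visible reference to the thread, force a full collection,
-- then let the "event loop" fire whatever callbacks are still registered.
local function scenario(anchor)
  local sock, result = { env = {} }, {}   -- socket object itself stays alive
  start_thread(sock, anchor, result)
  collectgarbage("collect")
  local delivered = 0
  for thread in pairs(pending) do
    coroutine.resume(thread, "payload")
    delivered = delivered + 1
  end
  return delivered, result.data
end

-- Unanchored: the suspended thread is collected with its event pending. Here
-- the weak entry just vanishes; in C the callback would resume a freed
-- lua_State, the invalid read valgrind flags.
assert(scenario(false) == 0)
-- Anchored in the socket's environment table, the thread survives and the
-- callback resumes it with the data.
local delivered, data = scenario(true)
assert(delivered == 1 and data == "payload")
```

Running it under valgrind is pointless here since pure Lua never touches freed memory; the point is that only the anchored run delivers the event to a live thread.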

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org