Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: NSE/Nsock segfault, script timeouts, NSE runlevel, etc
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 18 May 2009 16:31:29 +0000

Hash: SHA1

On Sun, 17 May 2009 23:40:54 -0600 or thereabouts Patrick Donnelly
<batrick () batbytes com> wrote:

The faulty assumption the nsock library binding is making is that
the thread will not be collected before the callback. This will be
corrected in the future (in the forthcoming rework of nse_nsock.cc)
by having each socket userdata maintain a reference to the thread.

This is definitely not the easiest of bugs to reproduce, even knowing
the cause. The SEGFAULT does not always happen so you should use
valgrind to verify the invalid use of freed memory is occurring. I
have applied a temporary patch pending the nsock library review in
r13331. NSE now keeps a reference to the thread in the nsock userdata
environment table to prevent collection so long as there are pending

ACK.  This bug was very hard for me to reproduce too.  With David's
help I learned a lot about Valgrind and GDB though which are proving to
be very valuable skills.

I applied you patch and started a big series of scans.  So far 10,000
have finished an not a single one has crashed.  Without the patch I was
getting about 1/1000 hosts crashing.

When the scans finish in about 6 days I'll send a note along with what,
if anything crashed.


Version: GnuPG v2.0.11 (GNU/Linux)


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]