Nmap Development mailing list archives

Re: NMAP Error


From: David Fifield <david () bamsoftware com>
Date: Fri, 14 Jun 2013 10:26:54 -0700

On Sat, May 18, 2013 at 10:05:16PM +0200, Gisle Vanem wrote:
> "David Fifield" <david () bamsoftware com> wrote:
>
>> 2. Try running the command from another (non-Windows) computer, and save
>>  the output as XML.
>>    nmap -T4 -A -v 10.220.7.0-254 -oX scan.xml
>>  Then try opening scan.xml in Zenmap on Windows and see if it crashes.
>
> I also hit this crash (debug-assert) with this command:
>  nmap -v -A 10.0.0.1-6
>
> Just before nmap is to report the result for 10.0.0.4 (my Canon printer),
> the Debug Assertion box comes up. Analysing this in WinDbg reveals a
> problem with:
>
>  currenths->scriptResults.sort(scriptid_lessthan);
>  (in output.cc / printhostscriptresults).
>
> The stacktrace at this point is:
>
> MSVCP100D!std::_Debug_message+0x23
> nmap!std::_Debug_lt_pred<bool +0xf1
> nmap!std::list<ScriptResult,std::allocator<ScriptResult> >::merge<bool +0x195
> nmap!std::list<ScriptResult,std::allocator<ScriptResult> >::sort<bool +0x234
> nmap!printhostscriptresults+0x6e
> nmap!nmap_main+0x14ed
> nmap!main+0x1ff
> nmap!__tmainCRTStartup(void)+0x1bf
> nmap!mainCRTStartup(void)+0xf
> kernel32!BaseProcessStart+0x23
>
> I'm not sure what the problem is (I don't know STL that well). Maybe
> 'scriptResults' is not initialised properly? Or its contents are by default
> initialised to something else in MSVC debug-build; I see some values
> with 0xCDCDCDCD. That's typical in debug-mode.

I think I found the cause of this bug. It was introduced in r30334. What
was happening was that two std::strings were being compared by their
c_str(); but erroneously the addresses of the two strings were compared
rather than their contents. Probably the address could change with each
call to c_str, and the assertion failure detected that the comparison
operator was inconsistent.

I think the bug would be hit only if there were two (or maybe three) or
more hostrule script outputs for a given target, which explains why it
didn't always happen.

Please try r30929 and see if the problem is fixed.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
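Added illustration of the bug class David describes above; this is not Nmap's code and not the change made in r30334 or r30929 (neither is shown on this page). It puts a comparator that orders ScriptResult entries by the `char*` that `c_str()` returns on each side next to one that orders by the string contents, plus a check for the asymmetry property that MSVC's `_Debug_lt_pred` asserts. The struct layout, field names, and the sample script ids are assumptions made for the example; only the names `ScriptResult`, `scriptid_lessthan` and the use of `std::list::sort` come from the thread.

```cpp
#include <cstdio>
#include <list>
#include <string>
#include <vector>

// Constructed stand-in for Nmap's ScriptResult (assumption: the real class
// is not on this page). Only the field the comparator orders by matters.
struct ScriptResult {
    std::string id;      // script id, e.g. "smb-os-discovery"
    std::string output;  // script output text
};

// The defect described in the thread: the intent is to order by script id,
// but taking c_str() on both sides and comparing the results compares two
// char* addresses, i.e. where each string's buffer happens to live, and says
// nothing about the characters in them.
static bool scriptid_lessthan_by_address(const ScriptResult &a, const ScriptResult &b) {
    return a.id.c_str() < b.id.c_str();
}

// Correct version: compare contents. std::string's operator< is a
// lexicographic compare; strcmp(a.id.c_str(), b.id.c_str()) < 0 gives the
// same answer the C way.
static bool scriptid_lessthan(const ScriptResult &a, const ScriptResult &b) {
    return a.id < b.id;
}

// The invariant a checked STL sort asserts on every comparison it makes:
// if lt(a, b) is true then lt(b, a) must be false. Returns true when every
// ordered pair drawn from the sequence satisfies it.
template <typename Seq, typename Pred>
static bool comparator_is_asymmetric(const Seq &seq, Pred lt) {
    for (const auto &a : seq)
        for (const auto &b : seq)
            if (lt(a, b) && lt(b, a))
                return false;
    return true;
}

// Sort one host's script results by id (as printhostscriptresults does)
// and return the ids in the resulting order.
static std::vector<std::string> sorted_ids(std::list<ScriptResult> results) {
    results.sort(scriptid_lessthan);
    std::vector<std::string> ids;
    for (const auto &r : results)
        ids.push_back(r.id);
    return ids;
}

// Two distinct results carrying the same id: comparing contents says neither
// is less than the other; comparing addresses claims one of them is, because
// two live std::strings never share a buffer.
static bool address_compare_splits_equal_ids() {
    ScriptResult x{"http-title", "first result"};
    ScriptResult y{"http-title", "second result"};
    bool by_content = scriptid_lessthan(x, y) || scriptid_lessthan(y, x);
    bool by_address = scriptid_lessthan_by_address(x, y) || scriptid_lessthan_by_address(y, x);
    return !by_content && by_address;
}

int main() {
    // Constructed sample: three hostrule script results for one target.
    std::list<ScriptResult> results = {
        {"smb-os-discovery", "..."}, {"nbstat", "..."}, {"smb-security-mode", "..."}};
    for (const auto &id : sorted_ids(results))
        std::printf("%s\n", id.c_str());
    std::printf("equal ids split by address compare: %d\n", address_compare_splits_equal_ids());
    std::printf("asymmetric (content):  %d\n", comparator_is_asymmetric(results, scriptid_lessthan));
    std::printf("asymmetric (address):  %d\n", comparator_is_asymmetric(results, scriptid_lessthan_by_address));
    return 0;
}
```

Compile with any C++11 compiler (`g++ -std=c++11 -Wall`). The address-based comparator does not merely use the wrong key: `address_compare_splits_equal_ids()` shows it separating two results whose ids are identical. As long as the objects being compared stay put it is still asymmetric, so a debug sort can pass by luck; the assertion in the thread fired because, as David notes, the addresses being compared did not stay stable between calls, and `_Debug_lt_pred` checks exactly the property `comparator_is_asymmetric()` tests.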

