blitz / tcptrace

tcptrace is a tool written by Shawn Ostermann at Ohio University, for analysis of TCP dump files.

Home Page: http://www.tcptrace.org/


Aborted in Tcptrace at trace.c:1294

Ngiong opened this issue

Hello,
We are currently working on a new fuzz testing feature, and we found a crash in tcptrace.

Steps to Reproduce
We configured and built libpcap-1.9.1 using CFLAGS="-g -O0" ./configure and make,
and configured tcptrace using CFLAGS="-L${LIBPCAP_PATH}/lib -I${LIBPCAP_PATH}/include" LDFLAGS="-L${LIBPCAP_PATH}/lib -lpcap" ./configure, built it using make, and ran it with:

./tcptrace -l -o5 -c --nowarn_printbadmbz -N --continuous -zx <attached file> --nowarn_printtrunc --noshowrexmit -n --nores_addr 

Attachment: poc_0005.txt

Environment

Additional context
Here's the stack trace: stack_trace_0005.txt

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
#1  0x00007ffff76868b1 in __GI_abort () at abort.c:79
#2  0x00007ffff76cf907 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff77fcdfa "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3  0x00007ffff76d697a in malloc_printerr (str=str@entry=0x7ffff77fea88 "double free or corruption (fasttop)") at malloc.c:5350
#4  0x00007ffff76de074 in _int_free (have_lock=0, p=0x714000, av=0x7ffff7a31c40 <main_arena>) at malloc.c:4230
#5  __GI___libc_free (mem=0x714010) at malloc.c:3124
#6  0x0000000000425c74 in RemoveTcpPair (tcp_ptr=0x6fa000) at trace.c:1294
#7  0x0000000000425b32 in RemoveConn (tcp_ptr=0x6fa000) at trace.c:1253
#8  0x0000000000426177 in RemoveOldConns (conn_list_head=0x6cc900 <closed_conn_list_head>, conn_list_tail=0x6cc8f8 <closed_conn_list_tail>, expire_interval=480, num_conn_check=0 '\000', conn_count=0x0) at trace.c:1220
#9  0x0000000000422fd7 in UpdateConnLists (tcp_ptr=0x6fa040, ptcp=0x6e7534) at trace.c:1113
#10 0x0000000000420bdf in dotrace (pip=0x6e7520, ptcp=0x6e7534, plast=0x6e754b) at trace.c:2469
#11 0x0000000000417b7e in ProcessFile (filename=0x7fffffffe203 "input") at tcptrace.c:1167
#12 0x00000000004158ea in main (argc=5, argv=0x7fffffffde48) at tcptrace.c:785

Thank you.
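The glibc message in the trace, "double free or corruption (fasttop)", means RemoveTcpPair handed free() a block that had already been released, and the call chain shows it being reached from the closed-connection expiry sweep (RemoveOldConns, expire_interval=480). The following is an added illustration of that fault class and is not tcptrace's code, nor a claim about what trace.c:1294 actually does: a constructed closed-connection list in which a pair is released directly but left linked, so the next sweep frees it again, shown next to the unlink-before-free version. The conn struct, the list helpers, the tracking allocator and the scenario values (three pairs, now=1000, expire_interval=480) are all assumptions made for the example; the tracking allocator keeps freed memory alive, ASan-quarantine style, so the second free is counted instead of aborting inside glibc.

```c
/*
 * Added illustration (not tcptrace's code): a pair freed directly but left
 * linked in the closed-connection list is freed again by the expiry sweep.
 * A tracking allocator keeps released memory so the stale pointer can still
 * be read here; real glibc aborts with "double free or corruption (fasttop)".
 * Build: cc -std=c99 -Wall -Wextra dfree.c -o dfree
 */
#include <stdio.h>
#include <stdlib.h>

#define MAX_TRACKED 64

static void *blocks[MAX_TRACKED];   /* every block handed out */
static int   freed[MAX_TRACKED];    /* 1 once tracked_free() has seen it */
static int   nblocks;
static int   double_frees;          /* frees that hit an already-freed block */

static void *tracked_malloc(size_t n)
{
    if (nblocks == MAX_TRACKED) abort();
    void *p = calloc(1, n);
    if (!p) abort();
    blocks[nblocks] = p;
    freed[nblocks] = 0;
    nblocks++;
    return p;
}

/* Marks the block freed but keeps the memory (quarantine), so the buggy
 * path below is observable instead of being undefined behaviour. */
static void tracked_free(void *p)
{
    for (int i = 0; i < nblocks; i++) {
        if (blocks[i] != p) continue;
        if (freed[i]) double_frees++;
        else freed[i] = 1;
        return;
    }
    abort();   /* freeing memory this allocator never handed out */
}

static void tracked_reset(void)
{
    for (int i = 0; i < nblocks; i++) free(blocks[i]);
    nblocks = 0;
    double_frees = 0;
}

static int live_count(void)
{
    int n = 0;
    for (int i = 0; i < nblocks; i++) if (!freed[i]) n++;
    return n;
}

typedef struct conn {                 /* assumed shape, not tcptrace's tcp_pair */
    int id;
    unsigned long last_seen;          /* time of the last packet seen */
    struct conn *prev, *next;         /* links in the closed-connection list */
} conn;

static conn *closed_head, *closed_tail;

static void push_closed(conn *c)
{
    c->prev = closed_tail;
    c->next = NULL;
    if (closed_tail) closed_tail->next = c; else closed_head = c;
    closed_tail = c;
}

static void unlink_closed(conn *c)
{
    if (c->prev) c->prev->next = c->next; else closed_head = c->next;
    if (c->next) c->next->prev = c->prev; else closed_tail = c->prev;
    c->prev = c->next = NULL;
}

/* Buggy removal: releases the pair but leaves it linked in the closed list. */
static void remove_conn_buggy(conn *c) { tracked_free(c); }

/* Fixed removal: unlink first, so no list can hand the sweep a stale pointer. */
static void remove_conn_fixed(conn *c) { unlink_closed(c); tracked_free(c); }

/* Expiry sweep: release every closed pair idle longer than expire_interval. */
static void remove_old_conns(unsigned long now, unsigned long expire_interval,
                             void (*remove)(conn *))
{
    conn *c = closed_head;
    while (c) {
        conn *next = c->next;                 /* read before c may be freed */
        if (now - c->last_seen > expire_interval) remove(c);
        c = next;
    }
}

/* Constructed scenario: three closed pairs, pair 1 is removed directly
 * (say by a reset handler), then the sweep runs with every pair past expiry.
 * Returns how many frees hit already-freed memory. */
static int run_scenario(void (*remove)(conn *))
{
    tracked_reset();
    closed_head = closed_tail = NULL;
    for (int i = 1; i <= 3; i++) {
        conn *c = tracked_malloc(sizeof *c);
        c->id = i;
        c->last_seen = 100UL * i;
        push_closed(c);
    }
    remove(closed_head);                       /* direct removal of pair 1 */
    remove_old_conns(1000, 480, remove);       /* sweep frees pair 1 again? */
    return double_frees;
}

int main(void)
{
    int d = run_scenario(remove_conn_buggy), l = live_count();
    printf("buggy: %d double free(s), %d live\n", d, l);
    d = run_scenario(remove_conn_fixed); l = live_count();
    printf("fixed: %d double free(s), %d live\n", d, l);
    tracked_reset();
    return 0;
}
```

The buggy variant reports one double free and the fixed variant none, with no pairs left live in either case. For the real report, the equivalent check is to rebuild tcptrace with CFLAGS="-g -O0 -fsanitize=address" and rerun the command line above on poc_0005.txt: ASan's quarantine reports the stack of the first free alongside the second one, which a glibc abort at malloc.c does not.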