http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22309 seems to describe this bug
nepenthes startup (just to see the g++ version it was compiled with)
.... Nepenthes Version 0.1.1 Compiled on Sep 7 2005 14:20:05 with g++ 4.0.2 20050816 (prerelease) (Debian 4.0.1-5)
this is the nepenthes part, accepting the dns query, resolving it using libadns, _trying_ to reply the resolved ips ...
[ debug net mgr ] Accepted Connection Socket TCP (accept) 127.0.0.1:40799 -> 127.0.0.1:10003 30 Sockets in list
[ info net handler ] giving data tp X6Dialogue
[ info net handler ] sended 22 from 22 bytes
[ spam net handler ] done sending 22 bytes
[ info net handler ] <in virtual int32_t nepenthes::TCPSocket::doRecv()>
[ info mgr event ] <in uint32_t nepenthes::EventManager::handleEvent(nepenthes::Event*)>
[ spam net handler ] doRecv() 12
[ debug spam fixme ] addDNS: Adding DNS sf.net for ()
[ debug spam fixme ] addDNS: query 8092c08 for
[ debug spam fixme ] addDNS: Adding DNS for ()
[ debug spam fixme ] addDNS: query 80bffe8 for
[ debug spam fixme ] addDNS: Adding DNS for ()
[ debug spam fixme ] addDNS: query 80c00b8 for
[ info net handler ] <in virtual bool nepenthes::TCPSocket::doRespond(char*, uint32_t)>
[ info net handler ] <in virtual int32_t nepenthes::TCPSocket::doWrite(char*, uint32_t)>
[ debug spam fixme ] 3 DNS Resolves in Queue
[ debug info fixme ] resolved dns (2 left)
[ debug spam fixme ] 0 resolves
[ spam module ] DNS has no ip, resolve error
[ info net handler ] <in virtual bool nepenthes::TCPSocket::doRespond(char*, uint32_t)>
[ info net handler ] <in virtual int32_t nepenthes::TCPSocket::doWrite(char*, uint32_t)>
[ debug info fixme ] resolved dns (1 left)
[ debug spam fixme ] 0 resolves
[ spam module ] DNS has no ip, resolve error
[ info net handler ] <in virtual bool nepenthes::TCPSocket::doRespond(char*, uint32_t)>
[ info net handler ] <in virtual int32_t nepenthes::TCPSocket::doWrite(char*, uint32_t)>
[ info net handler ] giving data tp X6Dialogue
[ info net handler ] sended 22 from 22 bytes
[ info net handler ] giving data tp X6Dialogue
[ info net handler ] sended 25 from 25 bytes
[ info net handler ] giving data tp X6Dialogue
[ info net handler ] sended 25 from 25 bytes
[ spam net handler ] done sending 72 bytes
[ debug spam fixme ] 1 DNS Resolves in Queue
[ debug spam fixme ] 1 DNS Resolves in Queue
[ debug info fixme ] resolved dns sf.net (0 left)
[ debug spam fixme ] 1 resolves
[ debug spam fixme ] result '0 66.35.250.203
NUM 0
[ spam module ] DNS has ip 66.35.250.203
[ info net handler ] <in virtual bool nepenthes::TCPSocket::doRespond(char*, uint32_t)>
[ info net handler ] <in virtual int32_t nepenthes::TCPSocket::doWrite(char*, uint32_t)>
NUM 1 DONE
Program received signal SIGSEGV, Segmentation fault.
this is what gdb thinks about this
Program received signal SIGSEGV, Segmentation fault.
0x400df33e in __gnu_cxx::__pool<true>::_M_reclaim_block () from /usr/lib/libstdc++.so.6
(gdb) bt
#0 0x400df33e in __gnu_cxx::__pool<true>::_M_reclaim_block () from /usr/lib/libstdc++.so.6
#1 0x406d8dd2 in __gnu_cxx::__mt_alloc<std::_List_node<unsigned int>, __gnu_cxx::__common_pool_policy<__gnu_cxx::__pool, true> >::deallocate (
this=0xbffff66c, __p=0x8088ff0, __n=1) at mt_allocator.h:746
#2 0x406d8ebd in std::_List_base<unsigned int, std::allocator<unsigned int> >::_M_clear (this=0xbffff66c) at stl_list.h:316
#3 0x406d6b58 in nepenthes::X6Dialogue::dnsResolved (this=0x8092c28, result=0xbffff6ac) at stl_list.h:332
#4 0x0804fc25 in nepenthes::DNSManager::callBack (this=0x8089358) at DNSManager.cpp:185
#5 0x080500d3 in nepenthes::DNSManager::pollDNS (this=0x8089358) at DNSManager.cpp:153
#6 0x0805fd86 in nepenthes::Nepenthes::doLoop (this=0xbffffb10) at Nepenthes.cpp:488
#7 0x08060ea0 in nepenthes::Nepenthes::run (this=0xbffffb10, argc=1, argv=0xbffffbd4) at Nepenthes.cpp:463
#8 0x080612e3 in main (argc=1, argv=0xbffffbd4) at Nepenthes.cpp:1024
this is the code that ‘fails’
bool X6Dialogue::dnsResolved(DNSResult *result)
{
    list <uint32_t> resolved = result->getIP4List();
    list <uint32_t>::iterator it;
    int32_t i=0;
    for (it=resolved.begin();it!=resolved.end();it++)
    {
        printf("NUM %i\n",i);
        logSpam( "DNS has ip %s \n",inet_ntoa(*(in_addr *)&*it));
        char *reply;
        asprintf(&reply,"DNS %s has ip %s (context %8x)\n",result->getDNS().c_str(), inet_ntoa(*(in_addr *)&*it), (uint32_t)result->getObject());
        m_Socket->doRespond(reply,strlen(reply));
        free(reply);
        // logSpam("foooo %s \n",msg.c_str());
        i++;
    }
    printf("NUM %i DONE\n",i);
    return true;
}
the problem occurs on the “return true”: the destructor for list <uint32_t> resolved gets called, and it simply segfaults.
don't use g++4, use g++3.3.*
this is damn weird, but
export GLIBCPP_FORCE_NEW=1
export GLIBCXX_FORCE_NEW=1
before starting nepenthes helps too