Hui Lin_std::length_error

Hui_Lin · July 23, 2012, 9:46pm

HI,

So far my DNP3 analzyer works OK on well-formatted DNP3 dump, even the packets are not in the right order.

However, when I test it again some fuzzied DNP3 packets, this error sometimes happens. The weird thing is that, I run the same dump several times, sometimes, it can finish the work with weird.log, and sometimes Bro throws out this error.

terminate called after throwing an instance of ‘std::length_error’
what(): vector::reserve
Aborted

Any idea?

robin · July 24, 2012, 2:41pm

A guess without looking at the code: could it be taking a value from
the input to then determine the size of a vector? If so, a fuzzed
value may turn into a value larger than the vector can grow to.

If you attach a debugger, it should show you where the exception is
raised (in the generated binpac code, though, so you may need to do a
bit of digging what the corresponding .pac part is).

Robin

Topic		Replies	Views
Hui Lin_Out of Bound Exception from flowunit Development development	5	106	May 6, 2022
Hui Lin_Merging DNP3 analyzer Development development	7	76	May 6, 2022
Hui Lin_DNP3 analyzer not working in current version of zeek Zeek	5	92	May 6, 2022
Hui Lin_Binpac: handle incremental input for flowunit Development development	8	121	May 6, 2022
initial buffer length Zeek	2	97	May 6, 2022

Hui Lin_std::length_error

Related topics