Hui Lin_std::length_error


So far my DNP3 analyzer works OK on well-formatted DNP3 dumps, even when the packets are not in the right order.

However, when I test it against some fuzzed DNP3 packets, this error sometimes happens. The weird thing is that when I run the same dump several times, sometimes it finishes the work with weird.log, and sometimes Bro throws this error.

terminate called after throwing an instance of ‘std::length_error’
what(): vector::reserve

Any idea?

A guess without looking at the code: could it be taking a value from
the input to then determine the size of a vector? If so, a fuzzed
value may turn into a value larger than the vector can grow to.

If you attach a debugger, it should show you where the exception is
raised (in the generated binpac code, though, so you may need to do a
bit of digging what the corresponding .pac part is).
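
Added example, not part of the original thread and not Bro or binpac code: a minimal C++ parser showing how a length taken from fuzzed input reaches vector::reserve and raises std::length_error, next to a version that validates the length first. The record layout, kHeaderLen, the sample bytes and all function names are assumptions made for illustration; this is not real DNP3 framing.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Hypothetical layout (NOT real DNP3 framing): byte 0 type, byte 1 total
// record length (header included), byte 2 flags, payload from byte 3.
constexpr size_t kHeaderLen = 3;

// Constructed sample inputs: a well-formed record and a fuzzed one whose
// length byte (1) is smaller than the header itself.
const uint8_t kGood[]   = {0x01, 0x05, 0x00, 0xAA, 0xBB};
const uint8_t kFuzzed[] = {0x01, 0x01, 0x00, 0xAA, 0xBB};

// Unchecked: payload size is computed straight from the input. For kFuzzed
// it is -2, which becomes a huge size_t and makes reserve() throw.
std::vector<uint8_t> parse_unchecked(const uint8_t* buf, size_t len) {
    int n = static_cast<int>(buf[1]) - static_cast<int>(kHeaderLen);
    std::vector<uint8_t> out;
    out.reserve(static_cast<size_t>(n));
    for (int i = 0; i < n && kHeaderLen + i < len; ++i)
        out.push_back(buf[kHeaderLen + i]);
    return out;
}

// Checked: reject lengths that underflow the header or exceed the bytes
// actually present before any container is sized from them.
bool parse_checked(const uint8_t* buf, size_t len, std::vector<uint8_t>& out) {
    if (len < kHeaderLen) return false;
    size_t declared = buf[1];
    if (declared < kHeaderLen || declared > len) return false;
    out.assign(buf + kHeaderLen, buf + declared);
    return true;
}

bool unchecked_throws_length_error(const uint8_t* buf, size_t len) {
    try { parse_unchecked(buf, len); }
    catch (const std::length_error&) { return true; }
    return false;
}

int main() {
    std::vector<uint8_t> out;
    std::printf("unchecked/fuzzed throws=%d checked/fuzzed ok=%d checked/good ok=%d\n",
                unchecked_throws_length_error(kFuzzed, sizeof kFuzzed),
                parse_checked(kFuzzed, sizeof kFuzzed, out),
                parse_checked(kGood, sizeof kGood, out));
}
```

In a binpac analyzer the equivalent guard would sit in the .pac grammar, on the field expression that sizes the array, so a malformed length is rejected instead of aborting the process.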