共享库中的分段错误。如何调试？

Question

我在程序中使用一个库(libnids)。我从库中调用函数nids_run，该函数继续运行，直到显式调用nids_exit为止。

我的程序处理SIGINT并调用nids_exit。中断处理程序通常会返回，但有时在库将控件返回给我的程序之前，我会收到一个分段错误。这是回溯GDB给我的：

#0  0x00007ffff6498b2a in ?? () from /usr/lib/libpcap.so.1
#1  0x00007ffff649bee1 in pcap_loop () from /usr/lib/libpcap.so.1
#2  0x00007ffff77bae66 in nids_run () from /usr/lib/libnids.so.1.24
#3  0x0000000000401e92 in main (argc=3, argv=0x7fffffffebf8) at eve.c:139

找出问题的最佳策略是什么？我应该以某种方式调试libpcap吗？

更新：是ArjunShankar推荐的，我运行我的程序。这是产出的一部分：

==7504== Invalid read of size 4
==7504==    at 0x654EDC1: ??? (in /usr/lib/libpcap.so.1.2.1)
==7504==    by 0x6551EE0: pcap_loop (in /usr/lib/libpcap.so.1.2.1)
==7504==    by 0x5250E65: nids_run (in /usr/lib/libnids.so.1.24)
==7504==    by 0x401E91: main (eve.c:139)
==7504==  Address 0x70eece8 is 40 bytes inside a block of size 768 free'd
==7504==    at 0x4C29A9E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==7504==    by 0x5250DEB: nids_exit (in /usr/lib/libnids.so.1.24)
==7504==    by 0x4026D0: signal_handler (signalhandling.c:17)
==7504==    by 0x5B6313F: ??? (in /lib/libpthread-2.15.so)
==7504==    by 0x5B5FC60: pthread_cond_timedwait@@GLIBC_2.3.2 (in /lib/libpthread-2.15.so)
==7504==    by 0x58E37D4: g_cond_wait_until (in /usr/lib/libglib-2.0.so.0.3200.1)
==7504==    by 0x587E2C0: ??? (in /usr/lib/libglib-2.0.so.0.3200.1)
==7504==    by 0x587E909: g_async_queue_timeout_pop (in /usr/lib/libglib-2.0.so.0.3200.1)
==7504==    by 0x4022D2: analyzer_thread_func (analyzers.c:93)
==7504==    by 0x58CA0C4: ??? (in /usr/lib/libglib-2.0.so.0.3200.1)
==7504==    by 0x5B5BE0D: start_thread (in /lib/libpthread-2.15.so)

更多的输出可以在：http://pastebin.com/93gkSScS中找到

Answer 1

libpcap (从nids_run内部)尝试在nids_exit free读取它们之后读取内存位置：

例如：

==7504== Invalid read of size 4
==7504==    at 0x654EDC1: ??? (in /usr/lib/libpcap.so.1.2.1)
==7504==    by 0x6551EE0: pcap_loop (in /usr/lib/libpcap.so.1.2.1)
==7504==    by 0x5250E65: nids_run (in /usr/lib/libnids.so.1.24)

Address 0x70eece8 is 40 bytes inside a block of size 768 free'd
==7504==    at 0x4C29A9E: free
==7504==    by 0x5250DEB: nids_exit (in /usr/lib/libnids.so.1.24)

这是一个768大小的块，即freed在nids_exit中，随后在nids_run中读取(显然还没有停止)。

所有其他错误都是相似的(nids_exit free的一个块，nids_run继续尝试使用它。

这意味着:您要么没有正确地使用libnids (nids_run/nids_exit)，要么在libnids中出现了一个bug。