Hi Jean,

On Sun, May 28, 2017 at 10:15:28AM +0000, Jean LUBATTI wrote:
> There was a tcp-request inspect-delay of 2s in the configuration when running
> the repro, so it should be fine.

OK. However, I totally fail to reproduce the problem here using your config,
the build options I found in your executable, and the captured requests; they
are properly handled and passed. And since the crash happens inside memmove(),
the memory is displaced everywhere and the internal structures are not much
analyzable.

Could you please try again with the attached patch? It's supposed to provoke
a segfault before the bogus call to memmove(), resulting in a "clean" core.

Thanks,
Willy

diff --git a/src/buffer.c b/src/buffer.c
index 4f8f647..70a01dd 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -87,6 +87,9 @@ int buffer_replace2(struct buffer *b, char *pos, char *end,
const char *str, int
return 0; /* no space left before wrapping data */
/* first, protect the end of the buffer */
+ if (bi_end(b) < end)
+ *(volatile int *)0 = 0;
+
memmove(end + delta, end, bi_end(b) - end);
/* now, copy str over pos */
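
Review bot: the trap added just before memmove() only catches `end` lying past `bi_end(b)`, the case where the length `bi_end(b) - end` goes negative and is converted to a huge size_t. It does not check `pos`, nor `end` falling before the start of the buffered data, so a core from this build confirms or rules out that single condition only. The deliberate null write `*(volatile int *)0 = 0;` suits a one-off diagnostic build, but it should carry a comment saying so and should not be merged as is. If the condition proves reachable, the lasting change would be to fail the call at this point, for example with `return 0;` as the space check just above does, rather than crash the process.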