On 2017/10/13 14:29, kasak wrote:
> Under control of debugger it was alive for 25 minutes, after that it showed 
> this:
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to thread 230063]
> strchr () at /usr/src/lib/libc/arch/amd64/string/strchr.S:58
> 58      /usr/src/lib/libc/arch/amd64/string/strchr.S: No such file or 
> directory.
>         in /usr/src/lib/libc/arch/amd64/string/strchr.S
> Current language:  auto; currently asm
> (gdb) 
> 
> And here is bt full:
> 
> #0  strchr () at /usr/src/lib/libc/arch/amd64/string/strchr.S:58
> No locals.
> #1  0x00001ff16d963714 in Flow::dissectHTTP (this=0x1ff4222c5000, 
>     src2dst_direction=true, 
>     payload=0x1ff429770f84 
> "data=%7B%22H%22%3A%22systemstatehub%22%2C%22M%22%3A%22GetConnectionsState%22%2C%22A%22%3A%5B%5D%2C%22I%22%3A1746%7D\n%?\234\221԰U\204"
>  <Address 0x1ff429771000 out of bounds>, payload_len=115) at string.h:74
>         space = 0x1ff429770c3f " 
> tvema.filter.calculationPeriodicity.railwayCode=24; 
> tvema.filter.calculationPeriodicity.numberPch=4; 
> tvema.filter.calculationPeriodicity.year=2017; 
> tvema.calculationPeriodicity.calculation=0; tvema.f"...
>         h = (HTTPstats *) 0x0

Thanks. So looking at this and the source code, it shows it is using strchr()
to look for the position of a space character in the payload data. But the str*
functions expect a NUL-terminated string, and the string here is not, so strchr
searches beyond the end of the payload, looking for either a NUL or a space.

This code hasn't changed in 3.0, so the problem will still exist there.

I have created an issue upstream: https://github.com/ntop/ntopng/issues/1518
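
For anyone wanting to see the failure mode outside of ntopng, here is a small stand-alone illustration (added here, not code from ntopng or from either poster). It models a packet payload that is not NUL-terminated, followed in the same allocation by unrelated bytes, as adjacent heap memory would be. The strchr() version mirrors the pattern in the trace and reports a space that lies past payload_len; the memchr() version is bounded by the length and correctly reports none. The payload string and the bytes following it are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unsafe: the pattern seen in the backtrace. strchr() keeps scanning until
 * it meets ' ' or a NUL byte; since the payload carries no NUL within
 * payload_len, the scan runs off the end of the payload. Returns the
 * offset found, or -1. */
long find_space_strchr(const char *payload, size_t payload_len) {
    const char *p = strchr(payload, ' ');
    (void)payload_len;            /* the length is never consulted: that is the bug */
    if (p == NULL)
        return -1;
    return (long)(p - payload);
}

/* Bounded: memchr() examines at most payload_len bytes, so it can neither
 * read past the payload nor return a pointer outside it. */
long find_space_memchr(const char *payload, size_t payload_len) {
    const char *p = memchr(payload, ' ', payload_len);
    if (p == NULL)
        return -1;
    return (long)(p - payload);
}

/* Constructed input (not from a real capture): a URL-encoded body with no
 * space and no NUL, immediately followed by whatever happens to sit next
 * to it in memory, here a fragment that does contain a space. */
#define PAYLOAD  "data=%7B%22H%22%3A%22systemstatehub%22%7D\n"
#define ADJACENT " HTTP/1.1\r\n"

static char g_buf[sizeof(PAYLOAD) - 1 + sizeof(ADJACENT)];

static void build_buffer(void) {
    memcpy(g_buf, PAYLOAD, sizeof(PAYLOAD) - 1);                      /* no NUL copied */
    memcpy(g_buf + sizeof(PAYLOAD) - 1, ADJACENT, sizeof(ADJACENT));  /* keeps strchr in-bounds */
}

size_t demo_payload_len(void) { return sizeof(PAYLOAD) - 1; }

/* strchr "finds" a space at offset == payload_len, i.e. outside the payload. */
long demo_strchr(void) { build_buffer(); return find_space_strchr(g_buf, demo_payload_len()); }

/* memchr, told the real length, reports that there is no space in the payload. */
long demo_memchr(void) { build_buffer(); return find_space_memchr(g_buf, demo_payload_len()); }

int main(void) {
    printf("payload_len = %zu\n", demo_payload_len());
    printf("strchr offset = %ld (past the payload)\n", demo_strchr());
    printf("memchr offset = %ld (none within the payload)\n", demo_memchr());
    return 0;
}
```

Here the adjacent bytes end in a NUL, so strchr() stops inside the allocation and the program does not crash; in the real case the scan continues into whatever follows the packet buffer, which is where the SIGSEGV at the page boundary (0x1ff429771000 in the trace) comes from. Even when the read does not fault, the offset computed from the bogus pointer is wrong, so any length arithmetic derived from it is also off.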
