<html v="urn:schemas-microsoft-com:vml" o="urn:schemas-microsoft-com:office:office" w="urn:schemas-microsoft-com:office:word" m="http://schemas.microsoft.com/office/2004/12/omml"><head><!-- Template generated by Exclaimer Template Editor on 07:41:16 Friday, 6 January 2017 -->
<style type="text/css">P.0f746879-6d2b-4734-82be-b557c0c6c4ff {
MARGIN: 0cm 0cm 0pt
}
LI.0f746879-6d2b-4734-82be-b557c0c6c4ff {
MARGIN: 0cm 0cm 0pt
}
DIV.0f746879-6d2b-4734-82be-b557c0c6c4ff {
MARGIN: 0cm 0cm 0pt
}
TABLE.0f746879-6d2b-4734-82be-b557c0c6c4ffTable {
MARGIN: 0cm 0cm 0pt
}
DIV.Section1 {
page: Section1
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="Generator" content="Microsoft Word 14 (filtered medium)" />
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head><body lang="EN-US" link="blue" vlink="purple">Hi Attila,<br>
<br>
Thanks for responding!<br>
<br>
The message contained 954 bytes on the wire with 70 non printable chars, generated from a Windows 2k12 security event log (event id 4648) entry. I make it 1164 bytes once encoded...<br>
<br>
The non-utf8 chars being sent were a mix of all \0x7f\0x7f except one \0x92 char towards the end with one further \0x7f\0x7f there after.<br>
<br>
Going to give a few things a go, very helpful!!<br>
<br>
Kr,<br>
<br>
James<br>
<br>
<br><br><div class="gmail_quote">On 6 January 2017 12:41:03 GMT+00:00, "Szalai, Attila" <Attila.Szalai@morganstanley.com> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<p>
</p><div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Hi James,<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Checking the source, it means the following:<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The code allocate a buffer 6 times bigger than the original string length to able to hold the escaped form of the utf-8 character.<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The assert means, that the string, after escaping was not fit into this buffer for some reason. Or, to be more precise, the GString implementation decided that
it should reallocate the string, which usually only happen if the string gets too big to fit into its original place. Currently I have no recent glib source to check if I’m right.<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The original string could help a lot to find the root cause.<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><p> </p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Ps.: the escaping works as replacing the original byte with \xHH, so theoretically it can only grows from 1 byte to 4, which should fit into a buffer 6 times
bigger than the original size.<p></p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><p> </p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> syslog-ng [mailto:syslog-ng-bounces@lists.balabit.hu]
<b>On Behalf Of </b>James Elstone<br />
<b>Sent:</b> Thursday, January 05, 2017 10:35 PM<br />
<b>To:</b> syslog-ng@lists.balabit.hu<br />
<b>Subject:</b> [syslog-ng] Hitting g_assert when using sanitize-utf8 enabled!<p></p></span></p>
</div>
</div>
<p class="MsoNormal"></p><p> </p>
<p class="MsoNormal">Hi Balabit et al,<br />
<br />
When using the sanitize-utf8 flag I am hitting a g_assert in modules/syslogformat/syslog-format.c; what could be causing this?<br />
<br />
Any advice welcome!!<br />
<br />
Kr,<br />
<br />
James<br /></p></div></div></blockquote></div><br>
-- <br>
Sent from my Android device with K-9 Mail. Please excuse my brevity.</body></html>