[syslog-ng] Hitting g_assert when using sanitize-utf8 enabled!
James Elstone
james at elstone.net
Fri Jan 6 13:06:45 UTC 2017
Hi Attila,
Thanks for responding!
The message contained 954 bytes on the wire with 70 non printable chars, generated from a Windows 2k12 security event log (event id 4648) entry. I make it 1164 bytes once encoded...
The non-utf8 chars being sent were a mix of all \0x7f\0x7f except one \0x92 char towards the end with one further \0x7f\0x7f there after.
Going to give a few things a go, very helpful!!
Kr,
James
On 6 January 2017 12:41:03 GMT+00:00, "Szalai, Attila" <Attila.Szalai at morganstanley.com> wrote:
>Hi James,
>
>Checking the source, it means the following:
>
>The code allocate a buffer 6 times bigger than the original string
>length to able to hold the escaped form of the utf-8 character.
>
>The assert means, that the string, after escaping was not fit into this
>buffer for some reason. Or, to be more precise, the GString
>implementation decided that it should reallocate the string, which
>usually only happen if the string gets too big to fit into its original
>place. Currently I have no recent glib source to check if I’m right.
>
>The original string could help a lot to find the root cause.
>
>Ps.: the escaping works as replacing the original byte with \xHH, so
>theoretically it can only grows from 1 byte to 4, which should fit into
>a buffer 6 times bigger than the original size.
>
>From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf
>Of James Elstone
>Sent: Thursday, January 05, 2017 10:35 PM
>To: syslog-ng at lists.balabit.hu
>Subject: [syslog-ng] Hitting g_assert when using sanitize-utf8 enabled!
>
>Hi Balabit et al,
>
>When using the sanitize-utf8 flag I am hitting a g_assert in
>modules/syslogformat/syslog-format.c; what could be causing this?
>
>Any advice welcome!!
>
>Kr,
>
>James
>--
>Sent from my Android device with K-9 Mail. Please excuse my brevity.
>
>
>________________________________
>
>NOTICE: Morgan Stanley is not acting as a municipal advisor and the
>opinions or views contained herein are not intended to be, and do not
>constitute, advice within the meaning of Section 975 of the Dodd-Frank
>Wall Street Reform and Consumer Protection Act. If you have received
>this communication in error, please destroy all electronic and paper
>copies and notify the sender immediately. Mistransmission is not
>intended to waive confidentiality or privilege. Morgan Stanley reserves
>the right, to the extent permitted under applicable law, to monitor
>electronic communications. This message is subject to terms available
>at the following link: http://www.morganstanley.com/disclaimers If you
>cannot access these links, please notify us by reply message and we
>will send the contents to you. By communicating with Morgan Stanley you
>consent to the foregoing and to the voice recording of conversations
>with personnel of Morgan Stanley.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170106/d6a7efd3/attachment-0001.html>
More information about the syslog-ng
mailing list