[Bug 64533] New: Http crashes observed during fuzzing testing

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 64533] New: Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

            Bug ID: 64533
           Summary: Http crashes observed during fuzzing testing
           Product: Apache httpd-2
           Version: 2.4.41
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

http crashes was observed during the fuzzing testing. The http version is
Apache/2.4.41 (Unix). See logs attached. Please check it what is the cause of
this problem.

   Note: Fuzzing testing is to send malformed packets targets to the service to
verify the http service robustness under this situation.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #1 from [hidden email] <[hidden email]> ---
Created attachment 37314
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37314&action=edit
coredump

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #2 from [hidden email] <[hidden email]> ---
Created attachment 37315
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37315&action=edit
coredump_2

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #3 from Ruediger Pluem <[hidden email]> ---
We need:

1. Stacktraces from gdb (see
http://httpd.apache.org/dev/debugging.html#crashes). The coredumps need to be
analyzed on the system where they got created.
2. We need the error and access logs that were recorded during the crash. The
more verbose the error logs the better.
3. We need the configuration used during the test.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #4 from [hidden email] <[hidden email]> ---
Created attachment 37323
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37323&action=edit
backtrace

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #5 from [hidden email] <[hidden email]> ---
Created attachment 37324
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37324&action=edit
configuration files

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #6 from [hidden email] <[hidden email]> ---
The backtrace and configuration files attached for your further checking.
Please let us know if anything needed.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #7 from Ruediger Pluem <[hidden email]> ---
Unfortunately the stacktraces do not help as they are not complete. Please try
to install debugging symbols for APR / APR-UTIL and httpd as well.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

[hidden email] <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |wei-mark.zheng@nokia-sbell.
                   |                            |com

--- Comment #8 from [hidden email] <[hidden email]> ---
Created attachment 37355
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37355&action=edit
debug logs with 2.4.43

we have reproduced the issue and collected the logs again with http 2.4.43.
Attached the tar file which has details. Please check.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #9 from Ruediger Pluem <[hidden email]> ---
Unfortunately the stacktraces are still incomplete.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #10 from [hidden email] <[hidden email]> ---
Thanks for the feedback.
We are not sure what step is missing during the stacktraces capture.
Could you please kindly give some guidelines on the procedure to capture a full
stacktraces for your analysis ? Thanks.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

[hidden email] <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|2.4.41                      |2.4.43

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #11 from [hidden email] <[hidden email]> ---
BTW: could you share your mailaddress, then it would be more effective to
discuss directly in the mail.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #12 from [hidden email] <[hidden email]> ---
Created attachment 37358
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37358&action=edit
backtraces_0710

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64533] Http crashes observed during fuzzing testing

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64533

--- Comment #13 from [hidden email] <[hidden email]> ---
Latest backtraces attached. This is following the guidelines
http://httpd.apache.org/dev/debugging.html#crashes. If this is  no completed
traces, then can we have a virtual-meeting or mail discussion to discuss how to
proceeded for us ? Thanks.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]