Segmentation fault in http_parser_execute #4
I managed to crash the process by using a couple of methods.
First method: sending an incomplete request. Proof of concept script:
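```python
#!/usr/bin/env python
import socket

# Connect to the local server, send only the request line
# (no headers, no terminating blank line), then close the socket.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1", 1337))
s.send(b"GET / HTTP/1.0\r\n")
s.close()
```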
This is what gdb says:
The second method: hammering the server with lots of requests at high concurrency. Proof of concept:
```sh
ab -k -n 1000000 -c 1000 http://127.0.0.1:1337/
```
The gdb output again looks familiar:
Things that look suspicious: the r12 register that holds the 2^32-1 value, and in the second case, the rax register that goes close to that value; therefore it may look like some sort of overflow.
The system is an Ubuntu 11.10 amd64 (running as chroot under 10.04).
Callback parameter of stream::read_start() is definitely misleading, and that's why I made a mistake here.