Hi Bruno,

Thank you for the report.

Do you mind to generate more information using GDB?

I've just create a guide on how to use GDB to help in the bug reporting process, it is available under our wiki:
https://github.com/SpiderLabs/ModSecurity/wiki/Debugging-ModSecurity

Thanks,
Felipe "Zimmerle" Costa
Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com

On Feb 12, 2014, at 9:23 AM, Bruno Savioli de Almeida <bruno@savioli.org> wrote:

Hi,

I'm testing the JSON patches from the json_top_of_2_7_7 branch and I'm getting what appears to be random segfaults. I say random because I haven't managed to identify any patterns on the type of requests that segfaults.

Test environment:
Centos 6.5 x86_64
httpd-2.2.15-29.el6.centos.x86_64
mod_security compiled with yajl-2.0.5


I'm running mod_security in DETECTION_ONLY mode, with the owasp crs and JSON requestBodyProcessor enabled

When the request segfaults, the audit log only records parts A and B:

To avoid making this email too long, logs are here: http://pastebin.com/MnehgvJw

Let me know if I can help with any more information.


Thanks,


--
- Bruno
------------------------------------------------------------------------------
Android apps run on BlackBerry 10
Introducing the new BlackBerry 10.2.1 Runtime for Android apps.
Now with support for Jelly Bean, Bluetooth, Mapview and more.
Get your Android app in front of a whole new audience.  Start now.
http://pubads.g.doubleclick.net/gampad/clk?id=124407151&iu=/4140/ostg.clktrk_______________________________________________
mod-security-developers mailing list
mod-security-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php




This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.