[sleuthkit-developers] [ sleuthkit-Bugs-2907248 ] crash in image layer caching
From: SourceForge.net <no...@so...> - 2009-12-02 03:12:25
Bugs item #2907248, was opened at 2009-12-01 22:10
Message generated for change (Settings changed) made by carrier
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=477889&aid=2907248&group_id=55685

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: File System Tools
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Brian Carrier (carrier)
Assigned to: Nobody/Anonymous (nobody)
Summary: crash in image layer caching

Initial Comment:
Reported from Simson Garfinkel:

(gdb) run -o63 ~/0411.iso
Starting program: /Users/simsong/domex/src/dist/sleuthkit-3.1.0b1/tools/fstools/fls -o63 ~/0411.iso
Reading symbols for shared libraries .+++++++++. done

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000001007f9ff0
0x00007fffffe00f40 in __memcpy ()
(gdb) where
#0 0x00007fffffe00f40 in __memcpy ()
#1 0x0000000100004580 in __inline_memcpy_chk (__dest=0x100801e00, __src=0x1001ce014, __len=18446744073709519360) at _string.h:58
#2 0x0000000100004285 in tsk_img_read (a_img_info=0x10018e000, a_off=97792, a_buf=0x100801e00 "", a_len=1536) at img_io.c:71
#3 0x000000010003e8e6 in tsk_fs_read (a_fs=0x1002007a0, a_off=65536, a_buf=0x100801e00 "", a_len=1536) at fs_io.c:63
#4 0x00000001000364a2 in ffs_open (img_info=0x10018e000, offset=32256, ftype=TSK_FS_TYPE_FFS_DETECT) at ffs.c:1963
#5 0x000000010003ffc8 in tsk_fs_open_img (a_img_info=0x10018e000, a_offset=32256, a_ftype=TSK_FS_TYPE_DETECT) at fs_open.c:157
#6 0x0000000100001457 in main (argc=<value temporarily unavailable, due to optimizations>, argv1=0x7fff5fbfef80) at fls.cpp:263
(gdb) up
#1 0x0000000100004580 in __inline_memcpy_chk (__dest=0x100801e00, __src=0x1001ce014, __len=18446744073709519360) at _string.h:58
58 return __builtin___memcpy_chk (__dest, __src, __len, __darwin_obsz0(__dest));
Current language: auto; currently c
(gdb) up
#2 0x0000000100004285 in tsk_img_read (a_img_info=0x10018e000, a_off=97792, a_buf=0x100801e00 "", a_len=1536) at img_io.c:71
71 memcpy(a_buf,
(gdb) list 65,75
65 if (tsk_verbose)
66 fprintf(stderr,
67 "tsk_img_read: Read found in cache %d\n", i);
68 */
69
70 // We found it...
71 memcpy(a_buf,
72 &a_img_info->cache[i][a_off -
73 a_img_info->cache_off[i]], len2);
74 retval = (ssize_t) len2;
75
(gdb) p a_buf
$1 = 0x100801e00 ""
(gdb) p i
$2 = 3
(gdb) p a_off
$3 = 97792
(gdb) p a_img_info->cache_off[i]
$4 = 32256
(gdb) p len2
$5 = 18446744073709519360
(gdb)

----------------------------------------------------------------------

>Comment By: Brian Carrier (carrier)
Date: 2009-12-01 22:12

Message:
Fixed. Issue was with length calculation when reading past end of image.

Sending trunk/tsk3/img/img_io.c
Transmitting file data .
Committed revision 136.

----------------------------------------------------------------------
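
The failure class named in the fix comment, as an added example that is not code from The Sleuth Kit or from this thread: an unsigned length clamp that wraps when the read offset is already past the end of the image, next to a read that guards each subtraction. The struct, the function names, the -1 return convention and the 65536-byte image size are assumptions of this example; that size is chosen only because, with the a_off and a_len from the trace, it yields the len2 value gdb printed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical one-slot cache; a simplified stand-in, not the TSK structure. */
typedef struct {
    uint64_t img_size, cache_off, cache_len; /* image size; offset of cache[0]; valid bytes */
    const uint8_t *cache;
} cache_slot;

/* Unchecked clamp: if off is already past img_size, the unsigned subtraction
 * wraps and the "shortened" length becomes enormous. */
uint64_t clamp_len_unchecked(uint64_t img_size, uint64_t off, uint64_t len)
{
    if (off + len > img_size)
        len = img_size - off;
    return len;
}

/* Checked read: each subtraction is guarded by a comparison first. Returns bytes
 * copied, or -1 for a past-the-end offset or a miss (this example's convention). */
int64_t cache_read_checked(const cache_slot *s, uint64_t off, void *buf, uint64_t len)
{
    if (off >= s->img_size)
        return -1;                       /* read starts at or past end of image */
    if (len > s->img_size - off)
        len = s->img_size - off;         /* safe: off < img_size */
    if (off < s->cache_off)
        return -1;                       /* request starts before this slot */
    uint64_t rel = off - s->cache_off;   /* safe: off >= cache_off */
    if (rel >= s->cache_len || len > s->cache_len - rel)
        return -1;                       /* request not fully inside the slot */
    memcpy(buf, s->cache + rel, (size_t)len);
    return (int64_t)len;
}

/* Constructed sample: 100 cached bytes at offset 32256; the image ends with them. */
static const uint8_t sample_bytes[100] = { 0 };
static const cache_slot sample = { 32356, 32256, 100, sample_bytes };
static uint8_t out[1536];                /* destination buffer for the demo reads */

int main(void)
{
    printf("unchecked: %llu\n", (unsigned long long)clamp_len_unchecked(65536, 97792, 1536));
    printf("past end:  %lld\n", (long long)cache_read_checked(&sample, 97792, out, 1536));
    printf("tail read: %lld\n", (long long)cache_read_checked(&sample, 32346, out, 1536));
    return 0;
}
```
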