Re: [sleuthkit-users] crash in fs_inode.c:96 TSK 2.05
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] crash in fs_inode.c:96 TSK 2.05
|
From: Simson G. <si...@ac...> - 2006-08-23 13:01:30
|
Thanks. Line 305 in which file?
You are right --- the "quick patch" is:
if(fs_inode==NULL) return;
However, there's clearly a deeper bug somewhere...
On Aug 23, 2006, at 5:55 AM, Svein Yngvar Willassen wrote:
> Apparently fs_inode is NULL. In your case it's called from line 305 in
> ntfs.dent.c.
>
> I notice there's a check for fs_inode != NULL in the call to
> fs_inode_free
> at line 97. There should probably be a similar check at line 305.
> Such a
> check should at least eliminate your current crash.
>
> Regards,
>
> Svein Willassen
>
>
>> -----Original Message-----
>> From: sle...@li...
>> [mailto:sleuthkit-
>> use...@li...] On Behalf Of Simson Garfinkel
>> Sent: 23. august 2006 14:41
>> To: sle...@li...
>> Subject: [sleuthkit-users] crash in fs_inode.c:96 TSK 2.05
>>
>> I have an image to generates a crash in the ntfs_dent_idxentry()
>> function.
>>
>> Here is the stack trace:
>>
>> (gdb) where
>> #0 fs_inode_free (fs_inode=0x0) at fs_inode.c:96
>> #1 0x000000000042adf7 in ntfs_dent_idxentry (ntfs=0x566400,
>> dinfo=0x7fffffffdda0, idxe=0x1e57040, size=4032, len=31813712,
>> flags=7,
>> action=0x402530 <dent_act>, ptr=0x0) at ntfs_dent.c:288
>> #2 0x000000000042bf5c in ntfs_dent_walk_lcl (fs=0x566400,
>> dinfo=0x7fffffffdda0, inum=31817728, flags=7, action=0x402530
>> <dent_act>, ptr=0x0)
>> at ntfs_dent.c:818
>> #3 0x000000000042af54 in ntfs_dent_idxentry (ntfs=0x566400,
>> dinfo=0x7fffffffdda0, idxe=0x15787e8, size=4032, len=22513656,
>> flags=7,
>> action=0x402530 <dent_act>, ptr=0x0) at ntfs_dent.c:327
>> #4 0x000000000042bf5c in ntfs_dent_walk_lcl (fs=0x566400,
>> dinfo=0x7fffffffdda0, inum=22515712, flags=7, action=0x402530
>> <dent_act>, ptr=0x0)
>> at ntfs_dent.c:818
>> #5 0x000000000042af54 in ntfs_dent_idxentry (ntfs=0x566400,
>> dinfo=0x7fffffffdda0, idxe=0x1573458, size=4032, len=22492264,
>> flags=7,
>> action=0x402530 <dent_act>, ptr=0x0) at ntfs_dent.c:327
>> #6 0x000000000042c142 in ntfs_dent_walk_lcl (fs=0x566400,
>> dinfo=0x7fffffffdda0, inum=4203824, flags=7, action=0x402530
>> <dent_act>, ptr=0x0)
>> at ntfs_dent.c:863
>> #7 0x000000000042b3ad in ntfs_dent_walk (fs=0x566400, inum=5,
>> flags=7, action=0x402530 <dent_act>, ptr=0x0) at ntfs_dent.c:464
>> #8 0x0000000000402ae2 in do_vol (img=0x564000, start=32256) at
>> iwalk.cpp:170
>> #9 0x0000000000402b7c in mm_act (mm=0x564080, pnum=2, part=0x563180,
>> flag=0, ptr=0x44a304 "") at iwalk.cpp:195
>> #10 0x00000000004342e0 in dos_part_walk (mm=0x564080, start=0,
>> last=4, flags=10, action=0x402b30 <mm_act>, ptr=0x44a304 "") at
>> dos.c:
>> 1013
>> #11 0x0000000000402c5e in do_dimage (img=0x564000, desc=0x44a406 "my
>> boring test comment") at iwalk.cpp:229
>> #12 0x0000000000402e39 in main (argc=1, argv=0x7fffffffe988) at
>> iwalk.cpp:294
>> (gdb)
>>
>> And here is the code itself:
>>
>> /* fs_inode_free - destroy generic inode structure */
>>
>> void
>> fs_inode_free(FS_INODE * fs_inode)
>> {
>> FS_NAME *fs_name, *fs_name2;
>>
>> => if (fs_inode->direct_addr)
>> free((char *) fs_inode->direct_addr);
>> fs_inode->direct_addr = NULL;
>>
>> if (fs_inode->indir_addr)
>> free((char *) fs_inode->indir_addr);
>> fs_inode->indir_addr = NULL;
>>
>>
>> Any ideas?
>>
>> This is TSK 2.05
>
>
> ----------------------------------------------------------------------
> ---
> Using Tomcat but need to do more? Need to support web services,
> security?
> Get stuff done quickly with pre-integrated technology to make your
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache
> Geronimo
> http://sel.as-us.falkag.net/sel?
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
>
|
