[sleuthkit-users] more crashes
From: Simson G. <si...@ac...> - 2006-08-24 21:23:00
Drive #193 causes a crash at line 3874 of ntfs.c.
Here is the stack trace:
(gdb) where
#0 0x0000000000429427 in ntfs_secure_data_free (ntfs_info=0x566400)
at ntfs.c:3874
#1 0x00000000004294d8 in ntfs_close (fs=0x566400) at ntfs.c:3896
#2 0x0000000000402b0a in do_vol (img=0x564000, start=32256) at
iwalk.cpp:178
#3 0x0000000000402b7c in mm_act (mm=0x564080, pnum=2, part=0x563180,
flag=0, ptr=0x44a304 "") at iwalk.cpp:195
#4 0x00000000004342e0 in dos_part_walk (mm=0x564080, start=0,
last=2, flags=6, action=0x402b30 <mm_act>, ptr=0x44a304 "") at dos.c:
1013
#5 0x0000000000402c5e in do_dimage (img=0x564000, desc=0x44a406 "my
boring test comment") at iwalk.cpp:229
#6 0x0000000000402e39 in main (argc=1, argv=0x7fffffffe988) at
iwalk.cpp:294
(gdb)
and the code (=> marks the crashing line):
static void
ntfs_secure_data_free(NTFS_INFO * ntfs_info)
{
// Iterate of sds entries and free them
while (ntfs_info->sds) {
=> free(ntfs_info->sds->data);
ntfs_info->sds = ntfs_info->sds->next;
}
==================
Drive #248:
stack appears corrupted; this is what's on top:
#0 0x0000000800d9c020 in strncpy () from /lib/libc.so.6
(gdb) where
#0 0x0000000800d9c020 in strncpy () from /lib/libc.so.6
#1 0x00000000004206f4 in fatfs_dent_parse_buf (fatfs=0x566400,
dinfo=0x7fffffffdd80,
buf=0xffffffffffffe788 <Address 0xffffffffffffe788 out of
bounds>, len=6144, addrs=0x1663000, flags=7, action=0x402530
<dent_act>, ptr=0x0)
at fatfs_dent.c:521
#2 0x0000000000420c46 in fatfs_dent_walk_lcl (fs=0x566400,
dinfo=0x7fffffffdd80, inode=40, flags=7, action=0x402530 <dent_act>,
ptr=0x0)
at fatfs_dent.c:754
#3 0x0000000000420771 in fatfs_dent_parse_buf (fatfs=0x566400,
dinfo=0x7fffffffdd80,
buf=0xffffffffffffe788 <Address 0xffffffffffffe788 out of
bounds>, len=6144, addrs=0x1662000, flags=7, action=0x402530
<dent_act>, ptr=0x0)
at fatfs_dent.c:539
#4 0x0000000000420c46 in fatfs_dent_walk_lcl (fs=0x566400,
dinfo=0x7fffffffdd80, inode=40, flags=7, action=0x402530 <dent_act>,
ptr=0x0)
at fatfs_dent.c:754
#5 0x0000000000420771 in fatfs_dent_parse_buf (fatfs=0x566400,
dinfo=0x7fffffffdd80,
buf=0xffffffffffffe788 <Address 0xffffffffffffe788 out of
bounds>, len=6144, addrs=0x165b000, flags=7, action=0x402530
<dent_act>, ptr=0x0)
at fatfs_dent.c:539
#6 0x0000000000420c46 in fatfs_dent_walk_lcl (fs=0x566400,
dinfo=0x7fffffffdd80, inode=40, flags=7, action=0x402530 <dent_act>,
ptr=0x0)
at fatfs_dent.c:754
#7 0x0000000000420771 in fatfs_dent_parse_buf (fatfs=0x566400,
dinfo=0x7fffffffdd80,
buf=0xffffffffffffe788 <Address 0xffffffffffffe788 out of
bounds>, len=6144, addrs=0x165a000, flags=7, action=0x402530
<dent_act>, ptr=0x0)
at fatfs_dent.c:539
#8 0x0000000000420c46 in fatfs_dent_walk_lcl (fs=0x566400,
dinfo=0x7fffffffdd80, inode=40, flags=7, action=0x402530 <dent_act>,
ptr=0x0)
at fatfs_dent.c:754
#9 0x0000000000420771 in fatfs_dent_parse_buf (fatfs=0x566400,
dinfo=0x7fffffffdd80,
buf=0xffffffffffffe788 <Address 0xffffffffffffe788 out of
bounds>, len=6144, addrs=0x1653000, flags=7, action=0x402530
<dent_act>, ptr=0x0)
at fatfs_dent.c:539
#10 0x0000000000420c46 in fatfs_dent_walk_lcl (fs=0x566400,
dinfo=0x7fffffffdd80, inode=40, flags=7, action=0x402530 <dent_act>,
ptr=0x0)
at fatfs_dent.c:754
#11 0x0000000000420771 in fatfs_dent_parse_buf (fatfs=0x566400,
dinfo=0x7fffffffdd80,
buf=0xffffffffffffe788 <Address 0xffffffffffffe788 out of
bounds>, len=6144, addrs=0x1652000, flags=7, action=0x402530
<dent_act>, ptr=0x0)
at fatfs_dent.c:539
/* append our name */
if (dinfo->depth < MAX_DEPTH) {
dinfo->didx[dinfo->depth] =
&dinfo->dirs[strlen(dinfo->dirs)];
=> strncpy(dinfo->didx[dinfo->depth], fs_dent->name,
DIR_STRSZ - strlen(dinfo->dirs));
strncat(dinfo->dirs, "/", DIR_STRSZ);
}
(gdb) p dinfo->didx[53]
$2 = 0x7fffffffe789 "\345\221\201\345\275\205\344\241\223\345\211\217
\345\275\224\345\211\205\346\214\240\346\271\257\347\211\264\346\261
\257\346\
\215\234\347\211\264\346\261\257"
(gdb) p *fs_dent
$3 = {name = 0x1666000 "\345\221\201\345\275\205\344\241\223\345\211
\217\345\275\224\345\211\205\346\214\240\346\271\257\347\211\264\346
\261\257\\
346\215\234\347\211\264\346\261\257", name_max = 1024,
shrt_name = 0x563f00 ".", shrt_name_max = 32, inode = 40, fsi =
0x164ec00, ent_type = 4 '\004',
path = 0x7fffffffdf88 "DOS/\345\221\201\345\275\205\344\241\223\345
\211\217\345\275\224\345\211\205\346\214\240\346\271\257\347\211\264
\346\261\
\257\346\215\234\347\211\264\346\261\257/\345\221\201\345\275\205\344
\241\223\345\211\217\345\275\224\345\211\205\346\214\240\346\271\257
\347\211\
\264\346\261\257\346\215\234\347\211\264\346\261\257/\345\221\201\345
\275\205\344\241\223\345\211\217\345\275\224\345\211\205\346\214\240
\346\271\
\257\347\211\264\346\261\257\346\215\234\347\211\264\346\261\257/\345
\221\201\345\275\205\344\241\223\345\211\217\345\275\224\345\211\205
\346\214\
\240\346\271\257\347\211\264\346\261\257\346\215\234\347\211\264\346
\261\257/\345\221\201\345\275\205\344\241\223\345\211\217\345\275\224
\345\211\
\205\346\214\240\346\271\257\347\211\264\346\261\257\346\215\234\347
\211\264"..., pathdepth = 53}
(gdb)
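Looks like the structures on the disk are corrupt and the
fatfs_dent.c routine is being a little too trusting? Every
fatfs_dent_walk_lcl frame above is on inode 40 and the path repeats the
same name down to pathdepth = 53, so the directory appears to point back
at itself. Note also that the DIR_STRSZ passed to strncat() limits only
the characters appended, not the total size of dinfo->dirs, and strncpy()
does not NUL-terminate when the name fills the remaining space, so
(assuming dinfo->dirs is DIR_STRSZ bytes) the depth < MAX_DEPTH test
alone may not keep a long path inside the buffer.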
===============================
Image 471:
(gdb) where
#0 0x0000000000429427 in ntfs_secure_data_free (ntfs_info=0x566400)
at ntfs.c:3874
#1 0x00000000004294d8 in ntfs_close (fs=0x566400) at ntfs.c:3896
#2 0x0000000000402b0a in do_vol (img=0x564000, start=32256) at
iwalk.cpp:178
#3 0x0000000000402b7c in mm_act (mm=0x564080, pnum=2, part=0x563180,
flag=0, ptr=0x44a304 "") at iwalk.cpp:195
#4 0x00000000004342e0 in dos_part_walk (mm=0x564080, start=0,
last=2, flags=6, action=0x402b30 <mm_act>, ptr=0x44a304 "") at dos.c:
1013
#5 0x0000000000402c5e in do_dimage (img=0x564000, desc=0x44a406 "my
boring test comment") at iwalk.cpp:229
#6 0x0000000000402e39 in main (argc=1, argv=0x7fffffffe988) at
iwalk.cpp:294
(gdb)
This looks like the same problem as Drive #193: the same crash in
ntfs_secure_data_free at ntfs.c:3874, reached from ntfs_close.