Thread: [sleuthkit-developers] NTFS Compression bug solution

Brought to you by: carrier

sleuthkit-developers

[sleuthkit-developers] NTFS Compression bug solution

From: David C. <da...@in...> - 2006-11-29 07:28:27

Hi Brian,
I think I have tracked this down to the loop on line 1051 in ntfs.c.
There is no bounds checking, and in my problem case it overflows the
comp->uncomp_buf buffer. It does not abort immediately, but rather when
uncomp_buf is free'd, presumably because we have trashed malloc's
metadata which I believe lives after the malloc'd buffer.

Adding a check fixes this for me.

Hope this helps,
Dave

Re: [sleuthkit-developers] NTFS Compression bug solution

From: David C. <da...@in...> - 2006-11-29 07:33:49

I meant to mention that I used valgrind to help track this down.

On Wed, Nov 29, 2006 at 06:28:20PM +1100, David Collett wrote:
> Hi Brian,
> I think I have tracked this down to the loop on line 1051 in ntfs.c.
> There is no bounds checking, and in my problem case it overflows the
> comp->uncomp_buf buffer. It does not abort immediately, but rather when
> uncomp_buf is free'd, presumably because we have trashed malloc's
> metadata which I believe lives after the malloc'd buffer.
> 
> Adding a check fixes this for me.
> 
> Hope this helps,
> Dave
> 
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> sleuthkit-developers mailing list
> sle...@li...
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-developers

Re: [sleuthkit-developers] NTFS Compression bug solution

From: Brian C. <ca...@sl...> - 2006-11-29 21:28:35

On Nov 29, 2006, at 2:28 AM, David Collett wrote:

> Hi Brian,
> I think I have tracked this down to the loop on line 1051 in ntfs.c.
> There is no bounds checking, and in my problem case it overflows the
> comp->uncomp_buf buffer. It does not abort immediately, but rather  
> when
> uncomp_buf is free'd, presumably because we have trashed malloc's
> metadata which I believe lives after the malloc'd buffer.
>
> Adding a check fixes this for me.

Interesting.  I previously added that check and added some more  
checks, but the result was that it would get into an infinite loop  
somewhere.  I'll recheck the other changes that I made to see if  
those are incorrect and causing the infinite loop problem.

thanks,
brian