Hi Brian,
I have just hit a small bug in fs_io.c. In fs_read_file_int we have the check:

    if(offset > fsi->size) {
        return 0;
    }

This is normally perfectly reasonable, except when callers specified
the TSK_FS_FILE_FLAG_SLACK flag. In that case users want to read
past the end of the file, and so therefore should be allowed to also
seek past the end of the file. The current check stops callers from
seeking and reading buffers purely from the slack - but they can read
the slack if they start reading within the file and read buffers into
the slack. Anyway a small patch like:

    // If callers wanted slack it's perfectly reasonable for them to
    // read past the end of the file.
    if (!(flagsBase & TSK_FS_FILE_FLAG_SLACK) && offset > fsi->size) {
        return 0;
    }

seems to fix things.
Michael.
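
Added example, not part of the original message and not The Sleuth Kit's code: a simplified C model of the offset check discussed above, comparing the original and the patched condition on a constructed 5-byte file stored in a 16-byte block. The struct, the function names, the flag's numeric value and the allocation-size bound on slack reads are assumptions made for the model.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not The Sleuth Kit's code. Only the flag name and the two
 * offset checks come from the message; all other names are hypothetical. */
#define TSK_FS_FILE_FLAG_SLACK 0x01          /* constructed value */

typedef struct {
    const unsigned char *data;               /* alloc_size bytes of storage */
    size_t size;                             /* logical file size */
    size_t alloc_size;                       /* size rounded up to a block */
} model_file;

/* patched = 0 uses the original check, patched = 1 the proposed one. */
static size_t model_read(const model_file *f, size_t offset,
                         unsigned char *buf, size_t len, int flags, int patched)
{
    int slack = (flags & TSK_FS_FILE_FLAG_SLACK) != 0;
    if ((!patched || !slack) && offset > f->size)
        return 0;
    /* Assumed bound: slack reads stop at the end of the allocation. */
    size_t limit = slack ? f->alloc_size : f->size;
    if (offset >= limit)
        return 0;
    if (len > limit - offset)
        len = limit - offset;
    memcpy(buf, f->data + offset, len);
    return len;
}

/* Constructed sample: 5-byte file in a 16-byte block with residue in slack. */
static const unsigned char block[16] = "hello\0OLD-TOKEN";
static unsigned char out[16];

/* Read up to 9 bytes starting at `offset` into `out`. */
static size_t read_at(size_t offset, int flags, int patched)
{
    model_file f = { block, 5, sizeof block };
    memset(out, 0, sizeof out);
    return model_read(&f, offset, out, 9, flags, patched);
}

int main(void)
{
    printf("original, slack, offset 6: %zu bytes\n", read_at(6, TSK_FS_FILE_FLAG_SLACK, 0));
    printf("patched,  slack, offset 6: %zu bytes\n", read_at(6, TSK_FS_FILE_FLAG_SLACK, 1));
    printf("patched,  no flag, offset 6: %zu bytes\n", read_at(6, 0, 1));
    return 0;
}
```

In this model, once the early return is relaxed for slack reads, the allocation-size limit is the only thing that keeps a large offset from running past the buffer.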