lnkinfo 20150609 crash when using libfwsi 20150606

[ant1]

Hi,

When using lnkinfo 20150609, with liblnk linking against libfwsi 20150606 from system, I have a crash with https://github.com/log2timeline/plaso/raw/master/test_data/NeroInfoTool.lnk

I reproduced it on both ubuntu and freebsd

$ lnkinfo NeroInfoTool.lnk 
lnkinfo 20150609

Windows Shortcut information:
    Contains a link target identifier
    Contains a description string
    Contains a relative path string
    Contains a working directory string
    Contains a command line arguments string
    Contains an icon location string
    Contains an icon location block

Link information:
    Creation time           : Jun 05, 2009 20:13:20.000000000 UTC
    Modification time       : Jun 05, 2009 20:13:20.000000000 UTC
    Access time         : Jan 29, 2010 21:30:11.332156900 UTC
    File size           : 4635160 bytes
    File attribute flags        : 0x00000020
        Should be archived (FILE_ATTRIBUTE_ARCHIVE)
    Drive type          : Fixed (3)
    Drive serial number     : 0x70ecfa33
    Volume label            : OS
    Local path          : C:\Program Files (x86)\Nero\Nero 9\Nero InfoTool\InfoTool.exe
    Description         : Nero InfoTool provides you with information about the most important features of installed drives, inserted discs, installed software and much more. With Nero InfoTool you can find out all about your drive and your system configuration.
    Relative path           : ..\..\..\..\..\..\..\..\Program Files (x86)\Nero\Nero 9\Nero InfoTool\InfoTool.exe
    Working directory       : C:\Program Files (x86)\Nero\Nero 9\Nero InfoTool
    Command line arguments      : -ScParameter=30002  
    Icon location           : %ProgramFiles%\Nero\Nero 9\Nero InfoTool\InfoTool.exe

Link target identifier:
    Shell item list
        Number of items     : 7

    Shell item: 1
        Item type       : Root folder
        Class type indicator    : 0x1f (Root folder)
        Shell folder identifier : 20d04fe0-3aea-1069-a2d8-08002b30309d
Segmentation fault (core dumped)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7280a03 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=<optimized out>) at vfprintf.c:1661
1661    vfprintf.c: No such file or directory.
(gdb) bt
#0  0x00007ffff7280a03 in _IO_vfprintf_internal (s=<optimized out>, format=<optimized out>, ap=<optimized out>) at vfprintf.c:1661
#1  0x00007ffff7283f31 in buffered_vfprintf (s=s@entry=0x7ffff75f4400 <_IO_2_1_stdout_>, format=format@entry=0x4130d4 "\t\tShell folder name\t: %s\n", args=args@entry=0x7fffffffdb48) at vfprintf.c:2356
#2  0x00007ffff727eeae in _IO_vfprintf_internal (s=s@entry=0x7ffff75f4400 <_IO_2_1_stdout_>, format=format@entry=0x4130d4 "\t\tShell folder name\t: %s\n", ap=ap@entry=0x7fffffffdb48) at vfprintf.c:1313
#3  0x00007ffff733e565 in ___fprintf_chk (fp=fp@entry=0x7ffff75f4400 <_IO_2_1_stdout_>, flag=flag@entry=1, format=format@entry=0x4130d4 "\t\tShell folder name\t: %s\n") at fprintf_chk.c:35
#4  0x00000000004077e1 in fprintf (__fmt=0x4130d4 "\t\tShell folder name\t: %s\n", __stream=0x7ffff75f4400 <_IO_2_1_stdout_>) at /usr/include/x86_64-linux-gnu/bits/stdio2.h:97
#5  shell_items_root_folder_fprint (shell_item=shell_item@entry=0x619b60, notify_stream=notify_stream@entry=0x7ffff75f4400 <_IO_2_1_stdout_>, error=error@entry=0x7fffffffddc8) at shell_items.c:1085
#6  0x00000000004083b1 in shell_items_item_fprint (shell_item=0x619b60, shell_item_index=shell_item_index@entry=1, notify_stream=notify_stream@entry=0x7ffff75f4400 <_IO_2_1_stdout_>, 
    error=error@entry=0x7fffffffddc8) at shell_items.c:857
#7  0x0000000000408586 in shell_items_item_list_fprint (shell_item_list=0x619aa0, notify_stream=0x7ffff75f4400 <_IO_2_1_stdout_>, error=error@entry=0x7fffffffddc8) at shell_items.c:1722
#8  0x0000000000406486 in info_handle_link_target_identifier_fprint (info_handle=info_handle@entry=0x618080, error=error@entry=0x7fffffffddc8) at info_handle.c:2080
#9  0x0000000000406ae4 in info_handle_file_fprint (info_handle=0x618080, error=error@entry=0x7fffffffddc8) at info_handle.c:2687
#10 0x00000000004045d7 in main (argc=2, argv=0x7fffffffded8) at lnkinfo.c:265

Workaround:
build liblnk with --with-libfwsi=no

[joachimmetz]

Thx for the report, I'll have a look.

[joachimmetz]

I've been unable to reproduce this so far, this is also a very add location for the code to segfault.

#5 shell_items_root_folder_fprint (shell_item=shell_item@entry=0x619b60, notify_stream=notify_stream@entry=0x7ffff75f4400 <_IO_2_1_stdout_>, error=error@entry=0x7fffffffddc8) at shell_items.c:108

https://github.com/libyal/liblnk/blob/master/lnktools/shell_items.c#L1085

[joachimmetz]

What I can hypothesize is that libfwsi_shell_folder_identifier_get_name is not explicitly exported in the main included header and the code ends up calling into the wrong address.

[joachimmetz]

shell_items.c:1088:3: warning: implicit declaration of function ‘libfwsi_shell_folder_identifier_get_name’ [-Wimplicit-function-declaration]
shell_items.c:1089:4: warning: format ‘%s’ expects argument of type ‘char *’, but argument 3 has type ‘int’ [-Wformat]

[joachimmetz]

I've reproduced it and adding the declaration of libfwsi_shell_folder_identifier_get_name fixes the issue for me.

[joachimmetz]

See if this version works: libyal/libfwsi@f764fe0

Reopen the issue if needed, marking as closed for now.

[ant1]

I confirm it fixes the issue, thanks!