exFAT: fsstat runs into the infinite loop when reading a deleted volume label

[msuhanov]

Hello.

$ sudo icat /dev/sdb1 2 | hexdump -C
00000000  03 03 31 00 32 00 33 00  00 00 00 00 00 00 00 00  |..1.2.3.........|
00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000020  81 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00000030  00 00 00 00 02 00 00 00  75 d3 01 00 00 00 00 00  |........u.......|
00000040  82 00 00 00 0d d3 19 e6  00 00 00 00 00 00 00 00  |................|
00000050  00 00 00 00 06 00 00 00  cc 16 00 00 00 00 00 00  |................|
00000060  85 03 da 42 16 00 00 00  22 7b 38 54 22 7b 38 54  |...B...."{8T"{8T|
00000070  22 7b 38 54 71 71 8c 8c  8c 00 00 00 00 00 00 00  |"{8Tqq..........|
00000080  c0 03 00 19 b8 ff 00 00  00 80 00 00 00 00 00 00  |................|
00000090  00 00 00 00 08 00 00 00  00 80 00 00 00 00 00 00  |................|
000000a0  c1 00 53 00 79 00 73 00  74 00 65 00 6d 00 20 00  |..S.y.s.t.e.m. .|
000000b0  56 00 6f 00 6c 00 75 00  6d 00 65 00 20 00 49 00  |V.o.l.u.m.e. .I.|
000000c0  c1 00 6e 00 66 00 6f 00  72 00 6d 00 61 00 74 00  |..n.f.o.r.m.a.t.|
000000d0  69 00 6f 00 6e 00 00 00  00 00 00 00 00 00 00 00  |i.o.n...........|
000000e0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
00008000

$ fsstat -V
The Sleuth Kit ver 4.11.1

$ sudo fsstat -v /dev/sdb1 2>&1 | grep exfatfs_is_vol_label_dentry | head -n 15
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry
exfatfs_is_vol_label_dentry: volume label length non-zero for no label entry

The bug is here (this check is not needed, because a volume label deleted using Windows will not pass it):

sleuthkit/tsk/fs/exfatfs_meta.c

Line 136 in ab49697

/* There is supposed to be no label, check for a zero in the length

And here (the loop uses the same value for the current_sector variable in every iteration):

sleuthkit/tsk/fs/exfatfs.c

Line 594 in 042f791

while (current_sector < last_sector_of_data_area) {

[msuhanov]

A similar issue fixed before: #906.

[msuhanov]

Similarly, the fsstat tool runs into the infinite loop on a "fresh" microSD card.

# fls /dev/sdh1 
r/r 8195:	$ALLOC_BITMAP
r/r 8196:	$UPCASE_TABLE
v/v 1995833347:	$MBR
v/v 1995833348:	$FAT1
V/V 1995833349:	$OrphanFiles

# fsstat -f exfat -v /dev/sdh1 
tsk_img_open: Type: 0   NumImg: 1  Img1: /dev/sdh1
tsk_img_findFiles: /dev/sdh1 found
tsk_img_findFiles: 1 total segments found
raw_open: segment: 0  size: 63883444224  max offset: 63883444224  path: /dev/sdh1
raw_read: byte offset: 0 len: 65536
raw_read: found in image 0 relative offset: 0 len: 65536
raw_read_segment: opening file into slot 0: /dev/sdh1
raw_read: byte offset: 17039360 len: 65536
raw_read: found in image 0 relative offset: 17039360 len: 65536
FILE SYSTEM INFORMATION
--------------------------------------------
File System Type: exFAT

Volume Serial Number: 123-4567
raw_read: byte offset: 16777216 len: 65536
raw_read: found in image 0 relative offset: 16777216 len: 65536
^C