
fls hangs on corrupt exfat image. #906

Closed
adambuchbinder opened this issue Aug 24, 2017 · 1 comment

Comments

@adambuchbinder
Contributor

To reproduce:

$ unzip hang.zip
Archive:  hang.zip
  inflating: hang.img
$ fls hang.img
[hangs here]

This bug was found using american fuzzy lop and input files ultimately from files.fuzzing-project.org.

Backtrace:

^C
Program received signal SIGINT, Interrupt.
tsk_img_read (a_img_info=0x7ffff7f8f010, a_off=77824, 
    a_buf=a_buf@entry=0x7c11b0 "\364\037\365\037\366\037\367\037\370\037\371\037\372\037\373\037\363\037\375\037\376\037\377\037", a_len=512) at img_io.c:34
34	    if (a_img_info == NULL) {
(gdb) bt
#0  tsk_img_read (a_img_info=0x7ffff7f8f010, a_off=77824, 
    a_buf=a_buf@entry=0x7c11b0 "\364\037\365\037\366\037\367\037\370\037\371\037\372\037\373\037\363\037\375\037\376\037\377\037", a_len=512) at img_io.c:34
#1  0x0000000000578a3e in tsk_fs_read_block (a_fs=a_fs@entry=0x7bccd0, 
    a_addr=a_addr@entry=152, 
    a_buf=a_buf@entry=0x7c11b0 "\364\037\365\037\366\037\367\037\370\037\371\037\372\037\373\037\363\037\375\037\376\037\377\037", a_len=<optimized out>)
    at fs_io.c:164
#2  0x00000000005831d6 in exfatfs_get_alloc_bitmap (a_fatfs=0x7bccd0)
    at exfatfs.c:261
#3  exfatfs_open (a_fatfs=0x7bccd0) at exfatfs.c:530
#4  0x000000000052fd31 in fatfs_open (a_img_info=<optimized out>, 
    a_offset=<optimized out>, a_ftype=TSK_FS_TYPE_FAT_DETECT, 
    a_test=<optimized out>) at fatfs.c:123
#5  0x0000000000431098 in tsk_fs_open_img (a_img_info=0x7ffff7f8f010, 
    a_offset=0, a_ftype=<optimized out>) at fs_open.c:124
#6  0x00000000004098f4 in main (argc=<optimized out>, argv1=<optimized out>)
    at fls.cpp:267

Input: hang.zip

@adambuchbinder
Contributor Author

The issue here appears to be that current_sector is never incremented if the root sector doesn't contain the expected allocation bitmap.

while (current_sector < last_sector_of_data_area) {

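The loop shape described in the comment above, as an added illustration that is not Sleuth Kit code: a root-directory scan whose sector counter advances on every pass, so a corrupt image with no allocation bitmap entry ends the scan instead of spinning on one sector. Sector size, 32-byte directory entries and the exFAT bitmap entry type 0x81 are on-disk format values; the in-memory images and the function names are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
/* Added illustration of the reported loop defect; not Sleuth Kit code.
 * Sector size, entry size and entry type 0x81 are exFAT on-disk values;
 * the images built below are constructed in memory. */
#define SECTOR_SIZE 512
#define DIR_ENTRY_SIZE 32
#define EXFAT_ENTRY_ALLOC_BITMAP 0x81

/* Scan root-directory sectors [first, last) for an allocation bitmap entry.
 * Returns the sector index that holds it, or -1 when none is present.
 * A loop of this shape hangs if current_sector is only advanced after the
 * expected entry is seen: on a corrupt image the same sector is re-read
 * forever.  Incrementing on every pass bounds the loop by last. */
long find_alloc_bitmap_sector(const uint8_t *img, size_t img_len,
                              size_t first, size_t last)
{
    size_t current_sector = first;
    while (current_sector < last) {
        size_t off = current_sector * SECTOR_SIZE;
        if (off + SECTOR_SIZE > img_len)
            return -1;                      /* read would run past the image */
        const uint8_t *sector = img + off;
        for (size_t e = 0; e + DIR_ENTRY_SIZE <= SECTOR_SIZE; e += DIR_ENTRY_SIZE) {
            if (sector[e] == EXFAT_ENTRY_ALLOC_BITMAP)
                return (long)current_sector;
        }
        current_sector++;                   /* always make progress */
    }
    return -1;
}

/* Constructed 4-sector root directory whose third entry in sector 2 is an
 * allocation bitmap entry; the scan should report sector 2. */
long demo_bitmap_present(void)
{
    uint8_t img[4 * SECTOR_SIZE];
    memset(img, 0, sizeof img);
    img[2 * SECTOR_SIZE + 2 * DIR_ENTRY_SIZE] = EXFAT_ENTRY_ALLOC_BITMAP;
    return find_alloc_bitmap_sector(img, sizeof img, 0, 4);
}

/* Constructed corrupt case with no bitmap entry: the scan returns -1. */
long demo_bitmap_missing(void)
{
    uint8_t img[4 * SECTOR_SIZE];
    memset(img, 0, sizeof img);
    return find_alloc_bitmap_sector(img, sizeof img, 0, 4);
}
```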