Resolved issue 2796945 for infinite loops in fs_attr

f1f0e2d3 · Brian Carrier · d6915264 · f1f0e2d3 · f1f0e2d3
Commit f1f0e2d3 authored 16 years ago by Brian Carrier
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -80,6 +80,9 @@ space is shown if slack space is requested.
 5/8/09: Update: Resolved issue 2596153 by changing arguments to the
 img_open functions.
+5/26/09: Bug Fix. Resolved issue 2796945 for inifite loop in fs_attr. 
+Reported by Simson Garfinkel.
 ---------------- VERSION 3.0.1 -------------- 
 11/11/08: Bug Fix: Fixed crashing bug in ifind on FAT file system.

--- a/tsk3/fs/fs_attr.c
+++ b/tsk3/fs/fs_attr.c
@@ -431,8 +431,8 @@ tsk_fs_attr_add_run(TSK_FS_INFO * a_fs, TSK_FS_ATTR * a_fs_attr,
            tsk_fprintf(stderr,
                "tsk_fs_attr_add: %" PRIuOFF "@%" PRIuOFF
                " (Filler: %s)\n", data_run_cur->offset, data_run_cur->len,
-                (data_run_cur->
+                (data_run_cur->flags & TSK_FS_ATTR_RUN_FLAG_FILLER) ? "Yes"
-                    flags & TSK_FS_ATTR_RUN_FLAG_FILLER) ? "Yes" : "No");
+                : "No");
        /* Do we replace this filler spot? */
        if (data_run_cur->flags & TSK_FS_ATTR_RUN_FLAG_FILLER) {
@@ -677,11 +677,11 @@ tsk_fs_attr_walk_res(const TSK_FS_ATTR * fs_attr,
    }
    /* Allocate a buffer that is at most a block size in length */
-    if ((a_flags & TSK_FS_FILE_WALK_FLAG_AONLY) == 0) {
+    buf_len = (size_t) fs_attr->size;
-        buf_len = (size_t) fs_attr->size;
+    if (buf_len > fs->block_size)
-        if (buf_len > fs->block_size)
+        buf_len = fs->block_size;
-            buf_len = fs->block_size;
+    if ((a_flags & TSK_FS_FILE_WALK_FLAG_AONLY) == 0) {
        if ((buf = tsk_malloc(buf_len)) == NULL) {
            return 1;
        }
@@ -786,8 +786,8 @@ tsk_fs_attr_walk_nonres(const TSK_FS_ATTR * fs_attr,
            /* If the address is too large then give an error */
            if (addr + len_idx > fs->last_block) {
-                if (fs_attr->fs_file->meta->
+                if (fs_attr->fs_file->
-                    flags & TSK_FS_META_FLAG_UNALLOC)
+                    meta->flags & TSK_FS_META_FLAG_UNALLOC)
                    tsk_errno = TSK_ERR_FS_RECOVER;
                else
                    tsk_errno = TSK_ERR_FS_BLK_NUM;
@@ -839,8 +839,8 @@ tsk_fs_attr_walk_nonres(const TSK_FS_ATTR * fs_attr,
                    if ((off + fs->block_size > fs_attr->nrd.initsize)
                        && ((a_flags & TSK_FS_FILE_READ_FLAG_SLACK) == 0)) {
                        memset(&buf[fs_attr->nrd.initsize - off], 0,
-                            fs->block_size - (size_t)(fs_attr->nrd.initsize -
+                            fs->block_size -
-                                off));
+                            (size_t) (fs_attr->nrd.initsize - off));
                    }
                }
            }
@@ -1112,21 +1112,22 @@ tsk_fs_attr_read(const TSK_FS_ATTR * a_fs_attr, TSK_OFF_T a_offset,
                    fprintf(stderr,
                        "tsk_fs_attr_read_type: File %" PRIuINUM
                        " has FILLER entry, using 0s\n",
-                        (a_fs_attr->fs_file->meta) ? a_fs_attr->fs_file->
+                        (a_fs_attr->fs_file->meta) ? a_fs_attr->
-                        meta->addr : 0);
+                        fs_file->meta->addr : 0);
            }
            // we return 0s for reads past the initsize (unless they want slack space)
-            else if (((TSK_OFF_T)((data_run_cur->offset +
+            else if (((TSK_OFF_T) ((data_run_cur->offset +
-                        blkoffset_inrun) * fs->block_size +
+                            blkoffset_inrun) * fs->block_size +
-                    byteoffset_toread) >= a_fs_attr->nrd.initsize)
+                        byteoffset_toread) >= a_fs_attr->nrd.initsize)
                && ((a_flags & TSK_FS_FILE_READ_FLAG_SLACK) == 0)) {
                memset(&a_buf[len_toread - len_remain], 0, len_inrun);
                if (tsk_verbose)
                    fprintf(stderr,
                        "tsk_fs_attr_read: Returning 0s for read past end of initsize (%"
                        PRIuINUM ")\n", ((a_fs_attr->fs_file)
-                            && (a_fs_attr->fs_file->meta)) ? a_fs_attr->
+                            && (a_fs_attr->fs_file->
-                        fs_file->meta->addr : 0);
+                                meta)) ? a_fs_attr->fs_file->meta->
+                        addr : 0);
            }
            else {
                TSK_OFF_T fs_offset_b;
@@ -1158,14 +1159,14 @@ tsk_fs_attr_read(const TSK_FS_ATTR * a_fs_attr, TSK_OFF_T a_offset,
                }
                // see if part of the data is in the non-initialized space
-                if (((TSK_OFF_T)((data_run_cur->offset +
+                if (((TSK_OFF_T) ((data_run_cur->offset +
-                            blkoffset_inrun) * fs->block_size +
+                                blkoffset_inrun) * fs->block_size +
-                        byteoffset_toread + len_inrun) >
+                            byteoffset_toread + len_inrun) >
                        a_fs_attr->nrd.initsize)
                    && ((a_flags & TSK_FS_FILE_READ_FLAG_SLACK) == 0)) {
                    size_t off =
-                        (size_t)((data_run_cur->offset +
+                        (size_t) ((data_run_cur->offset +
-                        blkoffset_inrun) * fs->block_size +
+                            blkoffset_inrun) * fs->block_size +
                        byteoffset_toread + len_inrun -
                        a_fs_attr->nrd.initsize);
                    memset(&a_buf[len_toread - len_remain + off], 0,