libyal / libpff

Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format
GNU Lesser General Public License v3.0

libpff_multi_value_get_number_of_values() returns 0 for variable-sized multi-valued props #10

Open thims opened 9 years ago

thims commented 9 years ago

For LIBPFF_VALUE_TYPE_MULTI_VALUE_STRING_ASCII, LIBPFF_VALUE_TYPE_MULTI_VALUE_STRING_UNICODE and LIBPFF_VALUE_TYPE_MULTI_VALUE_BINARY_DATA value types libpff_multi_value_get_number_of_values() always returns 0.

thims commented 9 years ago

Ok, found the bug. It's in libpff_record_entry.c, line 3039. The parameters of byte_stream_copy_from_uint32_little_endian() are in the wrong order. You need to copy TO internal_multi_value->number_of_values FROM internal_record_entry->value_data.

thims commented 9 years ago

But after I fixed it by replacing byte_stream_copy_from_uint32_little_endian() with byte_stream_copy_to_uint32_little_endian() (now MV props work flawlessly) I have heap corruption in libpff_record_entry.c, line 224: memory_free(internal_record_entry->value_data );

It looks like something is wrong here with memory allocation.

joachimmetz commented 9 years ago

I'll have a look.

thims commented 9 years ago

Seems like it tries to free internal_record_entry->value_data which points at this time to the actual MV data (not the beginning of the allocated block, look at line 3126: it increments value_data member depending on number of values).
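
The two problems reported in this thread (the count being copied in the wrong direction, and free() being handed a pointer that was advanced past the start of its allocation) can be shown in a small stand-alone sketch. This is an added example, not libpff code: mv_entry_t, read_u32_le(), mv_entry_init(), mv_entry_values() and mv_entry_free() are hypothetical names, and the layout (a little-endian uint32 count, then one uint32 offset per value, then the values) is assumed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the record entry discussed in the thread. */
typedef struct {
    uint8_t *value_data;      /* always the pointer malloc() returned */
    size_t   value_data_size;
    size_t   values_offset;   /* start of the MV payload, relative to value_data */
    uint32_t number_of_values;
} mv_entry_t;

/* Constructed sample: count = 2, offsets 12 and 14, values "ab" and "cd". */
static const uint8_t SAMPLE_MV[] = { 2,0,0,0, 12,0,0,0, 14,0,0,0, 'a','b','c','d' };

/* Copy TO a host integer FROM a little-endian byte stream. */
static uint32_t read_u32_le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns 0 on success, -1 on malformed input or allocation failure. */
int mv_entry_init(mv_entry_t *e, const uint8_t *src, size_t size) {
    uint32_t count;
    memset(e, 0, sizeof(*e));
    if (src == NULL || size < 4) return -1;
    count = read_u32_le(src);
    /* The count comes from the file: check the offset table fits. */
    if (count > (size - 4) / 4) return -1;
    e->value_data = malloc(size);
    if (e->value_data == NULL) return -1;
    memcpy(e->value_data, src, size);
    e->value_data_size = size;
    e->number_of_values = count;
    /* Record an offset instead of advancing value_data itself. */
    e->values_offset = 4 + (size_t)count * 4;
    return 0;
}

/* Payload view derived from base + offset; the base is never modified. */
const uint8_t *mv_entry_values(const mv_entry_t *e, size_t *size) {
    *size = e->value_data_size - e->values_offset;
    return e->value_data + e->values_offset;
}

void mv_entry_free(mv_entry_t *e) {
    free(e->value_data);      /* still the allocation base, so this is valid */
    memset(e, 0, sizeof(*e));
}
```

Building a variant that does advance value_data with -fsanitize=address makes the mismatch visible at the free() call as an attempt to free an address that was not returned by malloc().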