libyal / libpff

Library and tools to access the Personal Folder File (PFF) and the Offline Folder File (OFF) format
GNU Lesser General Public License v3.0

pypff segfaults when calling get_*_time() methods #39

Closed mdeous closed 6 years ago

mdeous commented 7 years ago

Behavior:

pypff crashes with a segmentation fault when calling one of these message methods:

Error messages:

The error on the console output is: [1] 12403 segmentation fault (core dumped) python pstsearch.py

In dmesg, the following message is present: [180718.625433] python[12403]: segfault at 9 ip 00007f9dab454e86 sp 00007fffaa5ef150 error 4 in pypff.so[7f9dab3a5000+19b000]

And when running the script with strace, I get the following:

fstat(5, {st_mode=S_IFREG|0644, st_size=2521, ...}) = 0
read(5, "\3\363\r\n\"2\335Wc\0\0\0\0\0\0\0\0\3\0\0\0@\0\0\0s\273\0\0\0d\0"..., 4096) = 2521
fstat(5, {st_mode=S_IFREG|0644, st_size=2521, ...}) = 0
read(5, "", 4096)                       = 0
close(5)                                = 0
close(4)                                = 0
brk(0x56548e34b000)                     = 0x56548e34b000
mmap(NULL, 385024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f6163241000
brk(0x56548e37a000)                     = 0x56548e37a000
brk(0x56548e363000)                     = 0x56548e363000
brk(0x56548e334000)                     = 0x56548e334000
mmap(NULL, 421888, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f61631da000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x9} ---
+++ killed by SIGSEGV (core dumped) +++

Opening the coredump in GDB and displaying the backtrace gives:

#0  libpff_internal_item_get_entry_value_filetime (internal_item=0x1, entry_type=12295, filetime=0x7ffe9822fa40, error=0x7ffe9822fa38)
    at libpff/libpff_item.c:1379
1379        if( internal_item->internal_file == NULL )
(gdb) bt
#0  libpff_internal_item_get_entry_value_filetime (internal_item=0x1, entry_type=12295, filetime=0x7ffe9822fa40, error=0x7ffe9822fa38)
    at libpff/libpff_item.c:1379
#1  0x00007f4b920715f9 in libpff_message_get_creation_time (message=<optimized out>, filetime=<optimized out>, error=0x7ffe9822fa38)
    at libpff/libpff_message.c:776
#2  0x00007f4b92081750 in pypff_message_get_creation_time (pypff_item=0x7f4b93609f30, arguments=<optimized out>)
    at pypff/pypff_message.c:976
#3  0x000055f6d1b72b0f in ?? ()
#4  0x000055f6d1c8afea in ?? ()
#5  0x0000000000000000 in ?? ()

Environment:

joachimmetz commented 7 years ago

Thx for the report. I'll have a look when time permits, for now pypff is experimental https://github.com/libyal/libpff/issues/2

joachimmetz commented 6 years ago

made some changes in https://github.com/libyal/libpff/commit/ee17d7cb702ddf653c6b1d2caed050de142cd7cd

joachimmetz commented 6 years ago

Closing this issue seeing pypff is still WIP

bbsonjohn commented 3 years ago

This issue was 3 years ago and I still encounter it today. Is it fixed yet?

joachimmetz commented 3 years ago

@bbsonjohn what part of work in progress don't you understand? If you want faster results, help out, or pay someone to help out if you lack the necessary skills yourself.

bbsonjohn commented 3 years ago

> @bbsonjohn what part of work in progress don't you understand? If you want faster results, help out, or pay someone to help out if you lack the necessary skills yourself.

Thanks for the reply. I am just glad that it is still being worked on.