Trying to extract XCI using `--rootdir` results in segfault
Whovian9369 opened this issue · comments
Trying to extract XCI (both with and without an appended key area via nxdumptool) by using a command similar to $ hac2l -t xci "Input XCI here.xci" --rootdir "Output Directory Here" results in segfault when trying on the step Saving root:/normal.
Binary was built in the gcc:12.2.0-bullseye Docker container, and container was updated before building to the latest version of software from the repositories.
Example output of issue using linux_x64_release build, with most XCI/Title info stripped:
$ hac2l -t xci "Aggelos 1.0.2 [010004D00A9C0000][v131072] (keyarea) (certless) (untrimmed).xci" --rootdir "Aggelos 1.0.2 [010004D00A9C0000][v131072] (keyarea) (certless) (untrimmed)"
...
Sections:
Section 0:
Offset: 0x000005AC7600
Size: 0x000001500000
Version: 2
Fs Type: PartitionFs
Hash Type: HierarchicalSha256Hash
Encryption Type: AesCtr
Encryption Iv: 000000010000000100000000005AC760
Has Sparse Layer: 0
Has AesCtrEx Table: 0
Has Indirect Table: 0
Has Compression Layer: 0
Section 1:
Offset: 0x000000004000
Size: 0x000005AC3600
Version: 2
Fs Type: RomFs
Hash Type: HierarchicalIntegrityHash
Encryption Type: AesCtrEx
Encryption Iv: 00000002000000010000000000000400
Has Sparse Layer: 0
Has AesCtrEx Table: 1
Has Indirect Table: 1
Has Compression Layer: 0
Saving root:/update... [========================================] Done!
Saving root:/logo... [========================================] Done!
Saving root:/normal... [ ][1] 399320 segmentation fault hac2l -t xci --rootdirRunning the linux_x64_audit build in gdb shows this:
$ gdb --args ~/Downloads/Games/Switch/Tools/Docker/hac2l/hac2l-debian_audit -t xci "Aggelos 1.0.2 [010004D00A9C0000][v131072] (keyarea) (certless) (untrimmed).xci" --rootdir "Aggelos 1.0.2 [010004D00A9C0000][v131072] (keyarea) (certless) (untrimmed)"
GNU gdb (Debian 10.1-1.7) 10.1.90.20210103-git
...
Reading symbols from /home/whovian/Downloads/Games/Switch/Tools/Docker/hac2l/hac2l-debian_audit...
(gdb) set substitute-path /AMS/tools/hac2l /home/whovian/Downloads/Games/Switch/Tools/Docker/hac2l/Atmosphere/tools/hac2l
(gdb) run
Starting program: /home/whovian/Downloads/Games/Switch/Tools/Docker/hac2l/hac2l-debian_audit -t xci Aggelos\ 1.0.2\ \[010004D00A9C0000\]\[v131072\]\ \(keyarea\)\ \(certless\)\ \(untrimmed\).xci --rootdir Aggelos\ 1.0.2\ \[010004D00A9C0000\]\[v131072\]\ \(keyarea\)\ \(certless\)\ \(untrimmed\)
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
...
Sections:
Section 0:
Offset: 0x000005AC7600
Size: 0x000001500000
Version: 2
Fs Type: PartitionFs
Hash Type: HierarchicalSha256Hash
Encryption Type: AesCtr
Encryption Iv: 000000010000000100000000005AC760
Has Sparse Layer: 0
Has AesCtrEx Table: 0
Has Indirect Table: 0
Has Compression Layer: 0
Section 1:
Offset: 0x000000004000
Size: 0x000005AC3600
Version: 2
Fs Type: RomFs
Hash Type: HierarchicalIntegrityHash
Encryption Type: AesCtrEx
Encryption Iv: 00000002000000010000000000000400
Has Sparse Layer: 0
Has AesCtrEx Table: 1
Has Indirect Table: 1
Has Compression Layer: 0
Saving root:/update... [========================================] Done!
Saving root:/logo... [========================================] Done!
Saving root:/normal... [ ]
Program received signal SIGSEGV, Segmentation fault.
0x0000000000405da2 in ams::hactool::(anonymous namespace)::ProgressPrinter<40, (char)'=', (char)' '>::Render (this=<optimized out>) at /AMS/tools/hac2l/source/hactool_fs_utils.cpp:56
56 std::memset(prog + m_segs, Empty, Count - m_segs);
(gdb) bt
#0 0x0000000000405da2 in ams::hactool::(anonymous namespace)::ProgressPrinter<40, (char)'=', (char)' '>::Render (this=<optimized out>) at /AMS/tools/hac2l/source/hactool_fs_utils.cpp:56
#1 0x2020202020202020 in ?? ()
#2 0x2020202020202020 in ?? ()
#3 0x2020202020202020 in ?? ()
#4 0x2020202020202020 in ?? ()
#5 0x2020202020202020 in ?? ()
#6 0x2020202020202020 in ?? ()
#7 0x2020202020202020 in ?? ()
#8 0x2020202020202020 in ?? ()
#9 0x2020202020202020 in ?? ()
#10 0x2020202020202020 in ?? ()
#11 0x2020202020202020 in ?? ()
#12 0x2020202020202020 in ?? ()
#13 0x2020202020202020 in ?? ()
#14 0x2020202020202020 in ?? ()
#15 0x2020202020202020 in ?? ()
#16 0x2020202020202020 in ?? ()
#17 0x2020202020202020 in ?? ()
#18 0x2020202020202020 in ?? ()
#19 0x2020202020202020 in ?? ()
#20 0x2020202020202020 in ?? ()
#21 0x2020202020202020 in ?? ()
#22 0x2020202020202020 in ?? ()
#23 0x2020202020202020 in ?? ()
#24 0x2020202020202020 in ?? ()
#25 0x2020202020202020 in ?? ()
#26 0x2020202020202020 in ?? ()
#27 0x2020202020202020 in ?? ()
#28 0x2020202020202020 in ?? ()
#29 0x2020202020202020 in ?? ()
#30 0x2020202020202020 in ?? ()
#31 0x2020202020202020 in ?? ()
#32 0x2020202020202020 in ?? ()
#33 0x2020202020202020 in ?? ()
#34 0x2020202020202020 in ?? ()
#35 0x2020202020202020 in ?? ()
#36 0x2020202020202020 in ?? ()
...
#6690 0x2020202020202020 in ?? ()
#6691 0x2020202020202020 in ?? ()
#6692 0x2020202020202020 in ?? ()
#6693 0x2020202020202020 in ?? ()
#6694 0x2020202020202020 in ?? ()
#6695 0x2020202020202020 in ?? ()
#6696 0x2020202020202020 in ?? ()
#6697 0x2020202020202020 in ?? ()
Backtrace stopped: Cannot access memory at address 0x7ffffffff000
(gdb) step
Program terminated with signal SIGSEGV, Segmentation fault.
The program no longer exists.
(gdb) quit