tsk_fs_load_file_action: does not check for buf1->cur == NULL
joachimmetz opened this issue
https://github.com/sleuthkit/sleuthkit/blame/develop/tsk/fs/fs_load.c#L35 is called from https://github.com/sleuthkit/sleuthkit/blame/develop/tsk/fs/fs_attr.c#L840 as a callback by https://github.com/sleuthkit/sleuthkit/blame/develop/tsk/fs/ntfs_dent.cpp#L1053
From memcpy(3)
DESCRIPTION
The memcpy() function copies n bytes from memory area src to memory area dest. The memory areas must not overlap. Use memmove(3) if the memory areas do overlap.
Suggested changes in #2808 though it looks like this overlapping ranges issue might be masking another issue.
Per https://github.com/sleuthkit/sleuthkit/blame/develop/tsk/fs/ntfs_dent.cpp#L1041 if idxalloc_len == 0 then https://github.com/sleuthkit/sleuthkit/blame/develop/tsk/fs/ntfs_dent.cpp#L1047 load_file.cur and load_file.base are set to NULL. But tsk_fs_load_file_action does not check for this condition.
Updated #2808
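
A simplified model of the two checks discussed in this issue, as an added example that is not part of the original thread, not sleuthkit code and not the change in #2808: a copy callback that refuses a NULL `cur`/`base` and refuses overlapping ranges before calling memcpy(). The names `load_file_t`, `walk_ret_t`, `load_file_action_checked` and the `left` field are assumptions made for illustration; only `base` and `cur` are named on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for the walk return codes; not the TSK definitions. */
typedef enum { WALK_CONT, WALK_STOP, WALK_ERROR } walk_ret_t;

/* Simplified load-file state: base/cur as named in the issue;
 * left (bytes still free in the buffer) is an assumption. */
typedef struct {
    char *base;
    char *cur;
    size_t left;
} load_file_t;

/* Returns 1 if [a, a+n) and [b, b+n) share at least one byte. */
static int ranges_overlap(const void *a, const void *b, size_t n)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    return (pa < pb) ? (pb - pa < n) : (pa - pb < n);
}

/* Callback invoked once per data chunk handed over by the file walk. */
walk_ret_t load_file_action_checked(load_file_t *lf, const char *buf, size_t size)
{
    /* Zero-length case from the issue: base and cur are NULL, so there
     * is no destination buffer and memcpy() must not be reached. */
    if (lf == NULL || lf->base == NULL || lf->cur == NULL)
        return WALK_ERROR;
    if (lf->left == 0)
        return WALK_STOP;
    if (buf == NULL)
        return WALK_ERROR;

    /* Never copy more than the destination has room for. */
    size_t cp_size = (size > lf->left) ? lf->left : size;

    /* memcpy(3) requires non-overlapping areas; refuse instead of copying. */
    if (cp_size > 0 && ranges_overlap(lf->cur, buf, cp_size))
        return WALK_ERROR;

    memcpy(lf->cur, buf, cp_size);
    lf->cur += cp_size;
    lf->left -= cp_size;
    return (lf->left > 0) ? WALK_CONT : WALK_STOP;
}
```

Returning an error on overlap, rather than silently switching to memmove(3), keeps the condition visible to the caller, which matters if the overlap is masking another issue.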