[Libguestfs] [PATCH] hivex/python fix for i386 integer size issue

Fri Apr 29 19:15:03 UTC 2011

It worked!  I'm ready to rock and roll with hivex for python now!

This is going to mean big things for the digital forensics community
-- up until now our only options have been C or Perl for parsing
registry hives, but a lot of the other tools are written in Python.
This will streamline our code base.

Thanks to Hilko for finding the bug and Richard for writing hivex in
the first place.

Elizabeth

On Thu, Apr 28, 2011 at 12:04 PM, Elizabeth Schweinsberg
<bethlogic at gmail.com> wrote:
> I am going to have to wait until tomorrow to try it -- the work
> firewall is blocking git.annexia.org.  I'll try download it at home
> tonight.  But it makes sense that it would solve it -- I am running on
> a i386 and after a little more testing found that at one point py_h
> was set, and then the next call it was null.
>
> Fingers crossed for tomorrow!
> Elizabeth
>
> On Thu, Apr 28, 2011 at 3:49 AM, Richard W.M. Jones <rjones at redhat.com> wrote:
>> On Thu, Apr 28, 2011 at 12:20:08AM +0200, Hilko Bengen wrote:
>>> Hi,
>>>
>>> While working on Debian packages of hivex 1.2.5, I came across a test
>>> failure for the Python bindings with Python 2.7 on the i386
>>> architecture. (The tests ran fine on amd64.)
>>>
>>> ,----
>>> | $ make -C python check
>>> | make[1]: Entering directory `/home/bengen/src/deb/hivex/hivex.git/python'
>>> | 010-import.py
>>> | 020-open.py
>>> | 021-close.py
>>> | 200-write.py
>>> | python: hivex-py.c:52: get_handle: Assertion `obj' failed.
>>> `----
>>>
>>> I narrowed this down to hivex-py.c:py_hivex_node_add_child():
>>>
>>> The call
>>>
>>> ,----
>>> | PyArg_ParseTuple (args, (char *) "OLs:hivex_node_add_child",
>>> |                         &py_h, &parent, &name)
>>> `----
>>>
>>> results in `py_h' set to NULL, though Python's documentation claims that
>>> this cannot happen. I think this happens because `parent' is declared a
>>> `long int', but "L" in the format string corresponds to a `long long'.
>>> On amd64, they have the same size, but on i386 they don't, so the
>>> PyObject pointer is written to the wrong address.
>>>
>>> Please consider applying the patch below which just changes the format
>>> string. After regenerating hivex-py.c, I have successfully tested the
>>> 1.2.5 code base on both architectures.
>>>
>>> Cheers,
>>> -Hilko
>>>
>>> diff --git a/generator/generator.ml b/generator/generator.ml
>>> index 7e706d1..9722312 100755
>>> --- a/generator/generator.ml
>>> +++ b/generator/generator.ml
>>> @@ -2875,7 +2875,7 @@ put_val_type (char *val, size_t len, hive_type t)
>>>           pr "O"
>>>       | ANode n
>>>       | AValue n ->
>>> -         pr "L"
>>> +         pr "l"
>>>       | AString n ->
>>>           pr "s"
>>>          | AStringNullable n ->
>>
>> Elizabeth, can you try this to see if it fixes your problem too?
>>
>> Rich.
>>
>> --
>> Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
>> New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
>> programs, test, and build Windows installers. Over 70 libraries supprt'd
>> http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
>>
>