[Libguestfs] [hivex] Segfault for an integer value to node_set_value

Peter Wu peter at lekensteyn.nl
Tue Aug 5 19:40:50 UTC 2014


It is even worse, in py2, strings are bytes. In py 3, strings are Unicode.

Result: I have now corrupted the registry since I tried to write hex 31 for a dword (instead of a 32-bit into).

There is also an invalid reg_sz which should be utf16 instead of the gibberish that is now contained in it.

I have not checked with py2, but does it require bytes ("str") or can you also pass an int? Is the type t used? (It probably should)

Kind regards,
Peter
https://lekensteyn.nl
(pardon my brevity, top-posting and formatting, sent from my phone)


On August 5, 2014 8:58:06 PM CEST, Hilko Bengen <bengen at hilluzination.de> wrote:
>* Peter Wu:
>
>> When an integer argument is passed as value, node_set_value
>> segfaults. Reproducer is at the end of this message
>
>Uh-oh. It looks like the handling of values is broken for non-string
>cases.
>
>    bytes = PyUnicode_AsUTF8String (obj);
>
>with obj derived from the numeric 1234 causes bytes to be set to null.
>A line of error handling code tells us why:
>
>    TypeError: bad argument type for built-in operation
>
>For Python2, ret->len is set to a value that is too large for size_t,
>and thus malloc(), so Python crashes with...
>
>    RuntimeError: Cannot allocate memory
>
>I am looking at fixing this.
>
>Cheers,
>-Hilko




More information about the Libguestfs mailing list