aeskeyfind segmentation fault

Anathema anathema at anche.no
Mon Dec 24 23:56:48 UTC 2012


Hi guys,
I'm trying to use the "aeskeyfind" binary to do some tests on my notebook, and
as the subject says, it segfaults.

Notebook: Samsung RF511 with 4GB of RAM, running Ubuntu 12.04 (just
don't say...).

I got a memory dump with LiME in a raw format, then I executed
aeskeyfind and at 51% it segfaulted.
So I downloaded the src from https://citp.princeton.edu/memory-content/,
recompiled it with the -g flag and ran it under valgrind.

Attached is the log file.
The bug is at line 109 of aeskeyfind.c

I can't understand anything about the code, so I cannot fix that.

Thank you in advance,

Best Regards

-- 
Anathema

+--------------------------------------------------------------------+
|GPG/PGP KeyID: 0F26965C available on http://pgpkeys.mit.edu:11371/  |
|Fingerprint: F808 18A2 2E7D 6E7A 7A18 4062 0AA3 7BF2 0F26 965C      |
|                                                                    |
|http://www.msack.org                                                |
+--------------------------------------------------------------------+

-------------- next part --------------
anathema at cryptopunk:~/aeskeyfind$ valgrind -v  ./aeskeyfind -v ../ramdump.dd
==11927== Memcheck, a memory error detector
==11927== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==11927== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==11927== Command: ./aeskeyfind -v ../ramdump.dd
==11927== 
--11927-- Valgrind options:
--11927--    --suppressions=/usr/lib/valgrind/debian-libc6-dbg.supp
--11927--    -v
--11927-- Contents of /proc/version:
--11927--   Linux version 3.2.0-25-generic (buildd at crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) ) #40-Ubuntu SMP Wed May 23 20:30:51 UTC 2012
--11927-- Arch and hwcaps: AMD64, amd64-sse3-cx16
--11927-- Page sizes: currently 4096, max supported 4096
--11927-- Valgrind library directory: /usr/lib/valgrind
--11927-- Reading syms from /home/anathema/aeskeyfind/aeskeyfind (0x400000)
--11927-- Reading syms from /lib/x86_64-linux-gnu/ld-2.15.so (0x4000000)
--11927--   Considering /lib/x86_64-linux-gnu/ld-2.15.so ..
--11927--   .. CRC mismatch (computed eabdc7b7 wanted 3ee54b4e)
--11927--   Considering /usr/lib/debug/lib/x86_64-linux-gnu/ld-2.15.so ..
--11927--   .. CRC is valid
--11927-- Reading syms from /usr/lib/valgrind/memcheck-amd64-linux (0x38000000)
--11927--   Considering /usr/lib/valgrind/memcheck-amd64-linux ..
--11927--   .. CRC mismatch (computed b9a585cc wanted 749d1a67)
--11927--    object doesn't have a symbol table
--11927--    object doesn't have a dynamic symbol table
--11927-- Reading suppressions file: /usr/lib/valgrind/debian-libc6-dbg.supp
--11927-- Reading suppressions file: /usr/lib/valgrind/default.supp
==11927== embedded gdbserver: reading from /tmp/vgdb-pipe-from-vgdb-to-11927-by-anathema-on-???
==11927== embedded gdbserver: writing to   /tmp/vgdb-pipe-to-vgdb-from-11927-by-anathema-on-???
==11927== embedded gdbserver: shared mem   /tmp/vgdb-pipe-shared-mem-vgdb-11927-by-anathema-on-???
==11927== 
==11927== TO CONTROL THIS PROCESS USING vgdb (which you probably
==11927== don't want to do, unless you know exactly what you're doing,
==11927== or are doing some strange experiment):
==11927==   /usr/lib/valgrind/../../bin/vgdb --pid=11927 ...command...
==11927== 
==11927== TO DEBUG THIS PROCESS USING GDB: start GDB like this
==11927==   /path/to/gdb ./aeskeyfind
==11927== and then give GDB the following command
==11927==   target remote | /usr/lib/valgrind/../../bin/vgdb --pid=11927
==11927== --pid is optional if only one valgrind process is running
==11927== 
--11927-- REDIR: 0x40189e0 (strlen) redirected to 0x380625c7 (???)
--11927-- Reading syms from /usr/lib/valgrind/vgpreload_core-amd64-linux.so (0x4a25000)
--11927--   Considering /usr/lib/valgrind/vgpreload_core-amd64-linux.so ..
--11927--   .. CRC mismatch (computed c82927cb wanted 1861273b)
--11927--    object doesn't have a symbol table
--11927-- Reading syms from /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so (0x4c27000)
--11927--   Considering /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so ..
--11927--   .. CRC mismatch (computed 72e29ec9 wanted f3ad49da)
--11927--    object doesn't have a symbol table
--11927-- REDIR: 0x4018850 (index) redirected to 0x4c2bc60 (index)
--11927-- REDIR: 0x40188d0 (strcmp) redirected to 0x4c2cc20 (strcmp)
--11927-- Reading syms from /lib/x86_64-linux-gnu/libc-2.15.so (0x4e32000)
--11927--   Considering /lib/x86_64-linux-gnu/libc-2.15.so ..
--11927--   .. CRC mismatch (computed 3af7ebbf wanted 50fc58fa)
--11927--   Considering /usr/lib/debug/lib/x86_64-linux-gnu/libc-2.15.so ..
--11927--   .. CRC is valid
--11927-- REDIR: 0x4ebee30 (strcasecmp) redirected to 0x4a25610 (_vgnU_ifunc_wrapper)
--11927-- REDIR: 0x4ebb1d0 (strnlen) redirected to 0x4a25610 (_vgnU_ifunc_wrapper)
--11927-- REDIR: 0x4ec1100 (strncasecmp) redirected to 0x4a25610 (_vgnU_ifunc_wrapper)
--11927-- REDIR: 0x4ebcbc0 (__GI_strrchr) redirected to 0x4c2ba80 (__GI_strrchr)
--11927-- REDIR: 0x4ebb0f0 (__GI_strlen) redirected to 0x4c2bfc0 (__GI_strlen)
--11927-- REDIR: 0x4eb9530 (__GI_strchr) redirected to 0x4c2bb60 (__GI_strchr)
==11927== Warning: set address range perms: large range [0x395a5000, 0x133cb5000) (defined)
--11927-- REDIR: 0x4ec4d00 (strchrnul) redirected to 0x4c2e3b0 (strchrnul)
--11927-- REDIR: 0x4eb5580 (free) redirected to 0x4c2a7c0 (free)
==11927== Invalid read of size 1
==11927==    at 0x40098D: main (aeskeyfind.c:109)
==11927==  Address 0xffffffffb95a5000 is not stack'd, malloc'd or (recently) free'd
==11927== 
==11927== 
==11927== Process terminating with default action of signal 11 (SIGSEGV)
==11927==  Access not within mapped region at address 0xFFFFFFFFB95A5000
==11927==    at 0x40098D: main (aeskeyfind.c:109)
==11927==  If you believe this happened as a result of a stack
==11927==  overflow in your program's main thread (unlikely but
==11927==  possible), you can try to increase the size of the
==11927==  main thread stack using the --main-stacksize= flag.
==11927==  The main thread stack size used in this run was 8388608.
==11927== 
==11927== HEAP SUMMARY:
==11927==     in use at exit: 0 bytes in 0 blocks
==11927==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
==11927== 
==11927== All heap blocks were freed -- no leaks are possible
==11927== 
==11927== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
==11927== 
==11927== 1 errors in context 1 of 1:
==11927== Invalid read of size 1
==11927==    at 0x40098D: main (aeskeyfind.c:109)
==11927==  Address 0xffffffffb95a5000 is not stack'd, malloc'd or (recently) free'd
==11927== 
--11927-- 
--11927-- used_suppression:      2 dl-hack3-cond-1
==11927== 
==11927== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2)
Segmentation fault
anathema at cryptopunk:~/aeskeyfind$ 
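The log gives enough to form a hypothesis about the crash. Valgrind mapped the image at [0x395a5000, 0x133cb5000), about 4.2 GB, and the faulting address 0xffffffffb95a5000 is exactly 0x395a5000 minus 0x80000000: the mapping base plus a 2 GiB offset that was truncated to a signed 32-bit int, became INT32_MIN, and was sign-extended when added to the 64-bit pointer. 2 GiB is 51% of the 4,201,709,568-byte mapping, which matches the point at which the scan died. The C program below is an added illustration of that arithmetic and of the bounds check a fixed scanner needs; it is not taken from aeskeyfind.c (line 109 is not shown on this page, so the exact expression there is an assumption). The constants are the values from the log, the sample buffer is constructed, and a 64-bit host (AMD64, as in the log) is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values copied from the valgrind output above. */
#define MAP_BASE   0x395a5000ULL          /* start of the mmap'd image        */
#define MAP_END    0x133cb5000ULL         /* end of the mapped range          */
#define FAULT_ADDR 0xffffffffb95a5000ULL  /* address of the invalid read      */
#define TWO_GIB    0x80000000ULL          /* first offset that overflows int  */

/* Pointer arithmetic with a 32-bit signed offset (the hypothesised bug):
 * the offset is truncated to int, then sign-extended when it is added to
 * the 64-bit pointer. Returned as an integer so nothing is dereferenced. */
uint64_t addr_with_int_offset(uint64_t base, uint64_t offset)
{
    int32_t off32 = (int32_t)(uint32_t)offset;   /* 0x80000000 -> INT32_MIN */
    return (uint64_t)((int64_t)base + (int64_t)off32);
}

/* The same arithmetic with a size_t offset: no truncation, no sign. */
uint64_t addr_with_size_t_offset(uint64_t base, size_t offset)
{
    return base + (uint64_t)offset;
}

/* Is addr inside the mapped image? */
int in_mapping(uint64_t addr)
{
    return addr >= MAP_BASE && addr < MAP_END;
}

/* Percentage of an image scanned when a signed 32-bit offset first wraps. */
unsigned percent_at_int_wrap(uint64_t image_len)
{
    return (unsigned)((TWO_GIB * 100) / image_len);
}

/* A bounds-safe sliding-window scan: size_t index, and the window end is
 * checked against len before any byte is read. Returns the number of
 * positions whose first 4 bytes equal `magic`. */
size_t count_magic(const unsigned char *buf, size_t len, const unsigned char magic[4])
{
    size_t hits = 0;
    if (buf == NULL || len < 4) return 0;
    for (size_t i = 0; i + 4 <= len; i++) {
        if (memcmp(buf + i, magic, 4) == 0) hits++;
    }
    return hits;
}

int main(void)
{
    uint64_t len = MAP_END - MAP_BASE;
    uint64_t bad  = addr_with_int_offset(MAP_BASE, TWO_GIB);
    uint64_t good = addr_with_size_t_offset(MAP_BASE, (size_t)TWO_GIB);

    printf("image length        : %llu bytes\n", (unsigned long long)len);
    printf("base + 2GiB (int)   : 0x%016llx  in mapping: %d  matches fault: %d\n",
           (unsigned long long)bad, in_mapping(bad), bad == FAULT_ADDR);
    printf("base + 2GiB (size_t): 0x%016llx  in mapping: %d\n",
           (unsigned long long)good, in_mapping(good));
    printf("wrap occurs at %u%% of the image\n", percent_at_int_wrap(len));

    /* Constructed sample buffer for the bounds-safe scanner. */
    const unsigned char magic[4] = { 'A', 'E', 'S', '!' };
    const unsigned char sample[] = "xxAES!yyyAES!zAES";
    printf("magic windows found : %zu\n",
           count_magic(sample, sizeof sample - 1, magic));
    return 0;
}
```

If the hypothesis is right, the fix in the scanner is to hold the image offset in a size_t (or off_t) rather than an int, and to compare the window end against the image length before reading; images smaller than 2 GiB would never have triggered it, which is why a 4 GB notebook dump is a good way to hit it.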



More information about the forensics-devel mailing list