Bug 904346 - [abrt] chntpw-0.99.6-19.110511.fc18: get_val2buf: Process /usr/bin/chntpw was killed by signal 11 (SIGSEGV)
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: chntpw
Version: 18
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Conrad Meyer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:dd635c966fc02f6aa817f88d71f...
Depends On:
Blocks:
 
Reported: 2013-01-26 12:41 UTC by Esa Varemo
Modified: 2014-09-23 17:14 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-02-05 22:59:42 UTC
Type: ---
Embargoed:
esa: needinfo-


Attachments
File: backtrace (12.89 KB, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: build_ids (246 bytes, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: cgroup (126 bytes, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: core_backtrace (464 bytes, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: dso_list (495 bytes, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: environ (2.60 KB, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: limits (1.29 KB, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: maps (2.62 KB, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: open_fds (172 bytes, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: proc_pid_status (920 bytes, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
File: var_log_messages (1006 bytes, text/plain), 2013-01-26 12:41 UTC, Esa Varemo
copy of the register hive I tried to use (24.75 MB, application/octet-stream), 2013-01-26 20:49 UTC, Esa Varemo

Description Esa Varemo 2013-01-26 12:41:08 UTC
Description of problem:
chntpw crashes every time I tried to cat or ed a certain key (HKLM/System/ControlSet001/services/msahci)

I haven't tried with other keys

Version-Release number of selected component:
chntpw-0.99.6-19.110511.fc18

Additional info:
backtrace_rating: 4
cmdline:        chntpw -l /mnt/Windows/System32/config/SYSTEM
crash_function: get_val2buf
executable:     /usr/bin/chntpw
kernel:         3.7.2-204.fc18.x86_64
remote_result:  NOTFOUND
uid:            1000

Truncated backtrace:
Thread no. 1 (4 frames)
 #0 get_val2buf at ntreg.c:1866
 #1 cat_vk at edlib.c:215
 #2 regedit_interactive at edlib.c:633
 #3 mainloop at chntpw.c:837

Comment 1 Esa Varemo 2013-01-26 12:41:13 UTC
Created attachment 687940 [details]
File: backtrace

Comment 2 Esa Varemo 2013-01-26 12:41:15 UTC
Created attachment 687941 [details]
File: build_ids

Comment 3 Esa Varemo 2013-01-26 12:41:17 UTC
Created attachment 687942 [details]
File: cgroup

Comment 4 Esa Varemo 2013-01-26 12:41:20 UTC
Created attachment 687943 [details]
File: core_backtrace

Comment 5 Esa Varemo 2013-01-26 12:41:22 UTC
Created attachment 687944 [details]
File: dso_list

Comment 6 Esa Varemo 2013-01-26 12:41:25 UTC
Created attachment 687945 [details]
File: environ

Comment 7 Esa Varemo 2013-01-26 12:41:27 UTC
Created attachment 687946 [details]
File: limits

Comment 8 Esa Varemo 2013-01-26 12:41:29 UTC
Created attachment 687947 [details]
File: maps

Comment 9 Esa Varemo 2013-01-26 12:41:32 UTC
Created attachment 687948 [details]
File: open_fds

Comment 10 Esa Varemo 2013-01-26 12:41:34 UTC
Created attachment 687949 [details]
File: proc_pid_status

Comment 11 Esa Varemo 2013-01-26 12:41:36 UTC
Created attachment 687950 [details]
File: var_log_messages

Comment 12 Conrad Meyer 2013-01-26 19:10:15 UTC
Any chance you are willing to either get me a core file or a copy of the hive (.../config/SYSTEM)? I promise not to do anything evil with it...

Meanwhile I'll look at the code and see if I spot anything. Thanks for filing the report.

Comment 13 Esa Varemo 2013-01-26 20:41:20 UTC
How do I upload (where can I find) the core file?

I'm trying to upload the part of the registry, if my laptop ever succeeds in it...
Also I tried to 'cat ...' another key, which crashed in SIGABRT, if I remember correctly.

My machine is trying to parse together a bug report for that too. (I wish it isn't a straight up duplicate of this one)

Comment 14 Esa Varemo 2013-01-26 20:49:18 UTC
Created attachment 688164 [details]
copy of the register hive I tried to use

Comment 15 Esa Varemo 2013-01-26 20:54:15 UTC
I tried to 'cat ...' a registry key, and the program froze for a moment, then crashed

backtrace_rating: 4
Package: chntpw-0.99.6-19.110511.fc18
OS Release: Fedora release 18 (Spherical Cow)

Comment 16 Conrad Meyer 2013-01-26 21:41:49 UTC
Thanks for the quick response, I'll look into it!

Comment 17 Conrad Meyer 2013-01-26 22:00:58 UTC
So: What it looks like is chntpw interprets something as an offset 30 MB into the hive; since the hive is only 25 MB this is off the end and we get the segfault. Could be buggy chntpw behavior or a corrupted hive. I'll investigate further...

Comment 18 Conrad Meyer 2013-01-26 22:05:44 UTC
Yeah, hivex also thinks this is a corrupted registry file:

hivex: SYSTEM: block size 1 at 0x138d420, bad registry

Anything special about it? (Win8 or something?) Any chance it's just a corrupted file?

Comment 19 Conrad Meyer 2013-01-26 22:54:00 UTC
I'm going to mark this as closed, assuming registry is corrupted. Just re-open it if that's not true.

(Yeah, chntpw probably shouldn't segfault on this error, but chntpw does lots of dumb things. I really need to port it to hivex...)
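
The failure mode discussed in comments 17 to 19 (an offset read from the hive that points past the end of the file, and a cell whose size field is 1), shown as an added example that is not chntpw's or hivex's code: a bounds-checked cell lookup. It assumes the usual regf layout (4 KiB base block, cell offsets relative to its end, a signed little-endian size in front of each cell); `hive_cell_checked`, the status names and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HIVE_BASE 0x1000u /* assumed: cell offsets count from the end of the 4 KiB base block */

enum cell_status { CELL_OK, CELL_OFFSET_OOB, CELL_BAD_SIZE, CELL_OVERRUN };

/* Read a little-endian 32-bit signed value without alignment assumptions. */
static int32_t rd_le32(const uint8_t *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (int32_t)v;
}

/* Validate an untrusted cell offset; on CELL_OK, *data and *data_len cover the payload. */
enum cell_status hive_cell_checked(const uint8_t *hive, size_t hive_len, uint32_t cell_off,
                                   const uint8_t **data, size_t *data_len)
{
    /* Offset check arranged so that no addition can wrap. */
    if (hive_len < HIVE_BASE + 4 || cell_off > hive_len - HIVE_BASE - 4)
        return CELL_OFFSET_OOB;
    size_t pos = (size_t)HIVE_BASE + cell_off;
    int32_t raw = rd_le32(hive + pos);
    /* Negative size marks an allocated cell; widen first so INT32_MIN is safe. */
    int64_t len = raw < 0 ? -(int64_t)raw : (int64_t)raw;
    if (len <= 4 || (len & 3) != 0)      /* must hold more than its own size field */
        return CELL_BAD_SIZE;
    if ((uint64_t)len > hive_len - pos)  /* cell would run past the end of the file */
        return CELL_OVERRUN;

    *data = hive + pos + 4;
    *data_len = (size_t)len - 4;
    return CELL_OK;
}

int main(void)
{
    static uint8_t hive[HIVE_BASE + 0x80];    /* constructed sample, zero-filled */
    const uint8_t *d; size_t n;
    memset(hive + HIVE_BASE + 0x20, 0xFF, 4);
    hive[HIVE_BASE + 0x20] = 0xF0;            /* size -16: allocated 16-byte cell */
    hive[HIVE_BASE + 0x40] = 1;               /* size 1: malformed */
    printf("%d %d %d\n", hive_cell_checked(hive, sizeof hive, 0x20, &d, &n),
           hive_cell_checked(hive, sizeof hive, 0x40, &d, &n),
           hive_cell_checked(hive, sizeof hive, 0x1E00000, &d, &n)); /* ~30 MB offset */
}
```

A caller that gets anything other than `CELL_OK` can report the hive as bad and stop, instead of dereferencing the offset.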

Comment 20 Esa Varemo 2013-01-26 23:13:04 UTC
The registry *should* not be corrupted, but I'll have to verify it.

It is from a working Windows 7 install dd'd to a new disk (not bootable as the new disk is gpt and old one was mbr). The Windows worked just fine when I used it this week...

Comment 21 Esa Varemo 2013-01-28 17:22:51 UTC
Are you sure the registry is broken, as I tried opening another registry hive (SOFTWARE). It also crashes:

\Microsoft\Windows NT> cat CurrentVersion
malloc failure: Cannot allocate memory
Aborted (core dumped)

It is hard to believe that multiple files would be corrupt, but I am not ruling that chance out.

Comment 22 Conrad Meyer 2013-01-29 05:12:44 UTC
It's hard to tell. chntpw is some really broken and badly written software. About the only thing it does reliably is change user passwords -- the registry viewing / editing is terrible. I'd recommend trying to read from the same hives with hivexsh (package name: hivex), a much better written registry hive navigator / editor. For what it's worth, I tried to open your SYSTEM hive with hivex and got:

"hivex: SYSTEM: block size 1 at 0x138d420, bad registry"

Which implies that your SYSTEM hive is corrupt, or hivex is incomplete (while this is possible, I don't think Windows 7 changed anything substantially in the registry...). So, it seems possible that your SOFTWARE hive is also corrupted... But try hivexsh on SOFTWARE and let me know what you see.

Comment 23 Conrad Meyer 2013-02-02 06:41:38 UTC
Ping?

Comment 24 Fedora End Of Life 2013-12-21 15:19:49 UTC
This message is a reminder that Fedora 18 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 18. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '18'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 18's end of life.

Thank you for reporting this issue and we are sorry that we may not be 
able to fix it before Fedora 18 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged to change the 'version' to a later Fedora 
version prior to Fedora 18's end of life.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 25 Fedora End Of Life 2014-02-05 22:59:42 UTC
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

