Skip to content

Prevent infinite looping and out of memory errors #1482#1490

Merged
ikelos merged 2 commits intodevelopfrom
issue_1482_infinite_loop_oom
Jan 25, 2025
Merged

Prevent infinite looping and out of memory errors #1482#1490
ikelos merged 2 commits intodevelopfrom
issue_1482_infinite_loop_oom

Conversation

@atcuno
Copy link
Contributor

@atcuno atcuno commented Dec 28, 2024

No description provided.

@atcuno atcuno requested a review from ikelos December 28, 2024 22:33
@atcuno
Copy link
Contributor Author

atcuno commented Dec 28, 2024

This is ready @ikelos

@ikelos ikelos linked an issue Dec 30, 2024 that may be closed by this pull request
get_full_key_name infinite loop causes out of memory errors on analyst systems #1482
Closed
ikelos
ikelos reviewed Dec 30, 2024
View reviewed changes
Copy link
Member

@ikelos ikelos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy with the error checking, just wondering how best to indicate the error to the user? Possibly we should have a vollog warning that prints as much of the key name as could be recovered? I'm not sure...

Also, if you want github to auto tag the issues these are supposed to fix, you can't just mention it in the title, you need to put "Fixes #blah" or "Closes #blah" in the bug body, please...

volatility3/framework/symbols/windows/extensions/registry.py Outdated
kcb = self.KeyControlBlock
while kcb.ParentKcb:
if kcb.ParentKcb.vol.offset in seen:
return ""
Copy link
Member

@ikelos ikelos Dec 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't these be None or something else? I don't want the BaseAbsentValues sneaking in here, but it feels like we should be alerting people that things didn't work? The downside with that is then you have to do error checking whenever you try to pull the full key name? Just wondering of the consequences of it returning a value but blank string in case of an error?

Copy link
Contributor Author

@atcuno atcuno Dec 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That function is called from handles on this line:

https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/windows/handles.py#L313

Which, in the else case of that same block, the empty string is used to indicate an error:

https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/plugins/windows/handles.py#L318

If it makes more sense, I can change both places (the registry extension + line 318 in handles) to send back None instead of "", then have the yield() handler do the "variable or renderers....." setup. Is that preferred? That avoids the extension API having to send back a renderer instance.

Copy link
Contributor Author

@atcuno atcuno Dec 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, thanks for this:

"Also, if you want github to auto tag the issues these are supposed to fix, you can't just mention it in the title, you need to put "Fixes #blah" or "Closes #blah" in the bug body, please..."

I am used to GitLab where tagging the number accomplishes it.

Copy link
Member

@ikelos ikelos Dec 30, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, I think it would be better to return None as a way of indicating an error, and then let the caller figure out what to do with it. Also, no problem. 5;)

@atcuno atcuno force-pushed the issue_1482_infinite_loop_oom branch from 3aa4af8 to e9088be Compare January 24, 2025 22:03
@atcuno
Copy link
Contributor Author

atcuno commented Jan 24, 2025

@ikelos this is ready again

@atcuno atcuno mentioned this pull request Jan 24, 2025
Closed
13 tasks
ikelos
ikelos approved these changes Jan 25, 2025
View reviewed changes
Copy link
Member

@ikelos ikelos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, looks good, thanks.

@ikelos ikelos merged commit cae7930 into develop Jan 25, 2025
24 checks passed
@ikelos ikelos deleted the issue_1482_infinite_loop_oom branch January 25, 2025 12:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ikelos ikelos ikelos approved these changes

Assignees

No one assigned

Labels

parity-release

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

get_full_key_name infinite loop causes out of memory errors on analyst systems

2 participants

@atcuno @ikelos