Skip to content

Commit

Permalink
(bugfix) Fix off-by-6 bug in assemble.rs
Browse files Browse the repository at this point in the history
This fixes an off-by-six bug in assemble.rs that was causing
string-cache miss backup parsing to fail. When the string cache is
populated in `string_cache.rs`, from the given offset in the chunk
header, a `BinXmlNameLink` (which is 6 total bytes in size) is read from
the cursor, followed by the `BinXmlName`. On cache misses, `assemble.rs`
was not reading the `BinXmlNameLink` which was in turn failing to
advance the cursor by the number of bytes required.

This commit adds 6 to the offset in `assemble.rs`, fixing this problem.
  • Loading branch information
dgmcdona authored and David McDonald committed Mar 14, 2024
1 parent 6f374c8 commit 761d6a1
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion src/binxml/assemble.rs
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,8 @@ pub fn create_record_model<'a>(
Ok(model)
}

const BINXML_NAME_LINK_SIZE: u32 = 6;

fn expand_string_ref<'a>(
string_ref: &BinXmlNameRef,
chunk: &'a EvtxChunk<'a>,
Expand All @@ -249,7 +251,11 @@ fn expand_string_ref<'a>(
None => {
let mut cursor = Cursor::new(chunk.data);
let cursor_ref = cursor.borrow_mut();
try_seek!(cursor_ref, string_ref.offset, "Cache missed string")?;
try_seek!(
cursor_ref,
string_ref.offset + BINXML_NAME_LINK_SIZE,
"Cache missed string"
)?;

let string = BinXmlName::from_stream(cursor_ref)?;
Ok(Cow::Owned(string))
Expand Down

0 comments on commit 761d6a1

Please sign in to comment.