Skip to content

Autopsy 4.22.0 - Crashes if data source does not exist #7956

New issue
New issue
Open
Open
Autopsy 4.22.0 - Crashes if data source does not exist#7956
@dsmackie

Description

@dsmackie
dsmackie
opened on Apr 3, 2025

Autopsy 4.21.0 previously alerted that the data source image was missing and provided the option to find it;

Image

Autopsy 4.22.0 no longer detects the file is missing, instead trying to load the image and having an access violation.

---------------  T H R E A D  ---------------

Current thread (0x00000000690462f0):  JavaThread "case-open-file-systems-0" [_thread_in_native, id=13580, stack(0x0000000069fd0000,0x000000006a1d0000)]

Stack: [0x0000000069fd0000,0x000000006a1d0000],  sp=0x000000006a1ce430,  free space=2041k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  0x00007ffc573a447e

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  org.sleuthkit.datamodel.SleuthkitJNI.openImgNat([Ljava/lang/String;II)J+0
j  org.sleuthkit.datamodel.SleuthkitJNI.openImage([Ljava/lang/String;IZLjava/lang/String;)J+212
j  org.sleuthkit.datamodel.SleuthkitJNI.openImage([Ljava/lang/String;ILorg/sleuthkit/datamodel/SleuthkitCase;)J+21
j  org.sleuthkit.datamodel.Image.getImageHandle()J+41
j  org.sleuthkit.datamodel.FileSystem.getFileSystemHandle()J+146
j  org.sleuthkit.datamodel.FileSystem.read([BJJ)I+31
j  org.sleuthkit.autopsy.casemodule.Case$BackgroundOpenFileSystemsTask.openFileSystems(Ljava/util/List;)V+107
j  org.sleuthkit.autopsy.casemodule.Case$BackgroundOpenFileSystemsTask.run()V+65
j  java.util.concurrent.Executors$RunnableAdapter.call()Ljava/lang/Object;+4 [email protected]
J 4369 c1 java.util.concurrent.FutureTask.run()V [email protected] (123 bytes) @ 0x0000000007d67794 [0x0000000007d66f60+0x0000000000000834]
j  java.util.concurrent.ThreadPoolExecutor.runWorker(Ljava/util/concurrent/ThreadPoolExecutor$Worker;)V+92 [email protected]
j  java.util.concurrent.ThreadPoolExecutor$Worker.run()V+5 [email protected]
j  java.lang.Thread.run()V+11 [email protected]
v  ~StubRoutines::call_stub

siginfo: EXCEPTION_ACCESS_VIOLATION (0xc0000005), reading address 0x0000000000000000

I have verified this by creating a case with Autopsy 4.21.0, deleting the data source, and then reloading with 4.21.0. The dialog box was presented asking for the source data image. Loading the case with 4.22.0, the dialog is not presented and the software crashes.

Checks with Sysinternals ProcMon show that Autopsy 4.22.0 is trying to read the missing data source image at the time of error.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions