Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Plaso hangs with error "IndexError: pop from empty list"
See original GitHub issuePlaso version: 1.5.0 Release
Operating system Plaso is running on: Ubuntu 14.04.5 64-bit
Installation method: Installed from GIFT PPA (Stable)
Description of problem: L2T generates an error and locks up the shell while processing an image. Traceback included below.
Source data: I am using images from the SANS FOR508 class for testing. This error was generated while processing the nfury image which is Windows 7 64-bit image in EW format.
I used the “full kitchen sink” approach for testing. The first time I did not select any VSSs and the process completed without error. All subsequent attempts to process the image while including any or all of the VSSs cause the error. I have tried three times so far and whenever I select a VSS the application runs for a number of hours then eventually crashes and the shell session hangs. It has to be forcible closed and the temp directories manually deleted.
My system does not have any A/V software running and ample resources, including storage space.
Traceback (most recent call last):
File "/usr/bin/log2timeline.py", line 767, in <module>
if not Main():
File "/usr/bin/log2timeline.py", line 753, in Main
tool.ProcessSources()
File "/usr/bin/log2timeline.py", line 664, in ProcessSources
timezone=self._timezone, yara_rules_string=self._yara_rules_string)
File "/usr/lib/python2.7/dist-packages/plaso/frontend/extraction_frontend.py", line 483, in ProcessSources
yara_rules_string=yara_rules_string)
File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 791, in ProcessSources
filter_find_specs=filter_find_specs)
File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 288, in _ProcessSources
self._ScheduleTasks(storage_writer)
File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 419, in _ScheduleTasks
self._FillEventSourceHeap(storage_writer, event_source_heap)
File "/usr/lib/python2.7/dist-packages/plaso/multi_processing/task_engine.py", line 351, in _FillEventSourceHeap
event_source = storage_writer.GetNextWrittenEventSource()
File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 3175, in GetNextWrittenEventSource
self._written_event_source_index)
File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 2582, in GetEventSourceByIndex
offset_table = self._GetSerializedEventSourceOffsetTable(stream_number)
File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 1443, in _GetSerializedEventSourceOffsetTable
u'event_source_index', stream_number)
File "/usr/lib/python2.7/dist-packages/plaso/storage/zip_file.py", line 1375, in _GetSerializedDataOffsetTable
lfu_stream_number = self._event_offset_tables_lfu.pop()
IndexError: pop from empty list
If you’d like me to try anything else, let me know. I’d be happy to help.
Chris
Issue Analytics
- State:
- Created 7 years ago
- Comments:5 (3 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
yes
This was fixed in https://github.com/log2timeline/plaso/commit/71382e7b9e1281f3c5dbd37d78b3a1a95885e0e9