Merge branch 'sleuthkit:develop-4.14' into develop-4.14

Author: jayaramcs

.github/workflows/build-unix.yml

@@ -30,7 +30,7 @@ jobs:
             compiler: "gcc"
             runner: "macos-15"
             configure_opts: "--with-libewf --enable-java"
-            make_flags: "CFLAGS=-Werror CXXFLAGS=-Werror"
+            # make_flags: "CFLAGS=-Werror CXXFLAGS=-Werror"
             codecov: "yes"
             prefix: "CODECOV"
             address_sanitizer: "yes"
@@ -43,7 +43,7 @@ jobs:
             compiler: "gcc"
             runner: "ubuntu-24.04"
             configure_opts: "--with-libewf --with-libqcow --with-libvhdi --with-libvmdk --enable-java"
-            make_flags: "CFLAGS=-Werror CXXFLAGS=-Werror"
+            # make_flags: "CFLAGS=-Werror CXXFLAGS=-Werror"
             codecov: "no"
             prefix:
             address_sanitizer: "yes"
@@ -57,7 +57,7 @@ jobs:
             compiler: "clang"
             runner: "ubuntu-24.04"
             configure_opts: "--with-libewf --with-libqcow --with-libvhdi --with-libvmdk --enable-java CC=clang CXX=clang++"
-            make_flags: "CFLAGS=-Werror CXXFLAGS=-Werror"
+            # make_flags: "CFLAGS=-Werror CXXFLAGS=-Werror"
             codecov: "no"
             prefix: ""
             address_sanitizer: "yes"
@@ -175,7 +175,7 @@ jobs:
         run: |
           sudo dpkg --add-architecture i386
           sudo apt update
-          sudo apt install autoconf automake libtool make pkg-config mingw-w64 mingw-w64-tools libz-mingw-w64-dev wine32 wine64 wget libpcre3-dev
+          sudo apt install autoconf automake libtool make pkg-config mingw-w64 mingw-w64-tools libz-mingw-w64-dev wine32 wine64 wget libpcre3-dev 
           sudo update-alternatives --set ${{ matrix.arch }}-w64-mingw32-g++ /usr/bin/${{ matrix.arch }}-w64-mingw32-g++-posix
           # This is not working; also requires mingw-w64-x86_64-libgnurx
           # echo === installing libmagic for mingw ===

.github/workflows/compile-windows.yml

@@ -15,7 +15,7 @@ jobs:
     strategy:
       matrix:
         targetplatform: [x86, x64]
-    runs-on: windows-2019
+    runs-on: windows-2025
 
     env:
       TSK_HOME: "${{ github.workspace }}"
@@ -42,6 +42,11 @@ jobs:
           choco install nuget.commandline
           choco install ant --ignore-dependencies
 
+      - name: Size of drives
+        run: |
+          Get-CimInstance -Class Win32_LogicalDisk | Select-Object DeviceID, @{Name="Size(GB)";Expression={[Math]::Round($_.Size / 1GB, 2)}}, @{Name="FreeSpace(GB)";Expression={[Math]::Round($_.FreeSpace / 1GB, 2)}}, @{Name="FreeSpace(%)";Expression={[Math]::Round(($_.FreeSpace / $_.Size) * 100, 2)}} | Format-Table -AutoSize
+
+
       - name: Set up JDK 17
         uses: actions/setup-java@v3
         with:

bindings/java/jni/auto_db_java.cpp

@@ -294,6 +294,10 @@ TskAutoDbJava::addPoolInfoAndVS(const TSK_POOL_INFO *pool_info, int64_t parObjId
         poolObjIdj, TSK_VS_TYPE_APFS, pool_info->img_offset, (uint64_t)pool_info->block_size);
     objId = (int64_t)objIdj;
 
+    if (objId < 0) {
+        return TSK_ERR;
+    }
+
     saveObjectInfo(objId, poolObjId, TSK_DB_OBJECT_TYPE_VS);
     return TSK_OK;
 }
@@ -671,13 +675,14 @@ TskAutoDbJava::addFile(TSK_FS_FILE* fs_file,
     //     See github issue #756 on why initsize and not size.
     //   - The data is not compressed
     if ((fs_attr != NULL)
+        && (fs_file->meta != NULL)
         && ((strlen(name) > 0) && (!TSK_FS_ISDOT(name)))
         && (!(fs_file->meta->flags & TSK_FS_META_FLAG_COMP))
         && (fs_attr->flags & TSK_FS_ATTR_NONRES)
         && (fs_attr->nrd.allocsize > fs_attr->nrd.initsize)) {
-        strncat(name, "-slack", 6);
+        strncat(name, "-slack", nlen - strlen(name) - 1);
         if (strlen(extension) > 0) {
-            strncat(extension, "-slack", 6);
+            strncat(extension, "-slack", sizeof(extension) - strlen(extension) - 1);
         }
         jstring slackNamej;
         if (createJString(name, slackNamej) != TSK_OK) {
@@ -1098,6 +1103,13 @@ TskAutoDbJava::addImageDetails(const char* deviceId)
 
     for (int i = 0; i < m_img_info->num_img; i++) {
         char * img2 = (char*)tsk_malloc(1024 * sizeof(char));
+        if (img2 == NULL) {
+            for (int j = 0; j < i; j++) {
+                free(img_ptrs[j]);
+            }
+            free(img_ptrs);
+            return 1;
+        }
         UTF8 *ptr8;
         UTF16 *ptr16;
 
@@ -1112,11 +1124,16 @@ TskAutoDbJava::addImageDetails(const char* deviceId)
             tsk_error_reset();
             tsk_error_set_errno(TSK_ERR_AUTO_UNICODE);
             tsk_error_set_errstr("Error converting image to UTF-8\n");
+            free(img2);
+            for (int j = 0; j < i; j++) {
+                free(img_ptrs[j]);
+            }
+            free(img_ptrs);
             return 1;
         }
         img_ptrs[i] = img2;
     }
-#else 
+#else
     img_ptrs = m_img_info->images;
 #endif
 
@@ -1417,9 +1434,12 @@ uint8_t
     }
 
     if (m_imageWriterEnabled) {
-        tsk_img_writer_create(m_img_info, m_imageWriterPath);
+        if (tsk_img_writer_create(m_img_info, m_imageWriterPath)) {
+            registerError();
+            return 1;
+        }
     }
-    
+
     if (m_addFileSystems) {
         return addFilesInImgToDb();
     } else {
@@ -1497,7 +1517,10 @@ uint8_t
         return 1;
     }
     if (m_imageWriterEnabled) {
-        tsk_img_writer_create(m_img_info, m_imageWriterPath);
+        if (tsk_img_writer_create(m_img_info, m_imageWriterPath)) {
+            registerError();
+            return 1;
+        }
     }
 
     if (m_addFileSystems) {
@@ -1682,7 +1705,8 @@ TSK_WALK_RET_ENUM TskAutoDbJava::fsWalkUnallocBlocksCb(const TSK_FS_BLOCK *a_blo
     TskAutoDbJava & tskAutoDbJava = unallocBlockWlkTrack->tskAutoDbJava;
     if (tskAutoDbJava.addUnallocBlockFile(tskAutoDbJava.m_curUnallocDirId,
         unallocBlockWlkTrack->fsObjId, unallocBlockWlkTrack->size, unallocBlockWlkTrack->ranges, fileObjId, tskAutoDbJava.m_curImgId) == TSK_ERR) {
-            // @@@ Handle error -> Don't have access to registerError() though...
+            tskAutoDbJava.registerError();
+            return TSK_WALK_STOP;
     }
 
     // reset
@@ -1748,17 +1772,19 @@ TSK_RETVAL_ENUM TskAutoDbJava::addFsInfoUnalloc(const TSK_DB_FS_INFO & dbFsInfo)
         return TSK_OK;
     }
 
-    // handle creation of the last range
-    // make range inclusive from curBlockStart to prevBlock
-    const uint64_t byteStart = unallocBlockWlkTrack.curRangeStart * fsInfo->block_size + fsInfo->offset;
-    const uint64_t byteLen = (1 + unallocBlockWlkTrack.prevBlock - unallocBlockWlkTrack.curRangeStart) * fsInfo->block_size;
-    unallocBlockWlkTrack.ranges.push_back(TSK_DB_FILE_LAYOUT_RANGE(byteStart, byteLen, unallocBlockWlkTrack.nextSequenceNo++));
-    int64_t fileObjId = 0;
+    // handle creation of the last range (only if the walk visited at least one block)
+    if (!unallocBlockWlkTrack.isStart) {
+        // make range inclusive from curBlockStart to prevBlock
+        const uint64_t byteStart = unallocBlockWlkTrack.curRangeStart * fsInfo->block_size + fsInfo->offset;
+        const uint64_t byteLen = (1 + unallocBlockWlkTrack.prevBlock - unallocBlockWlkTrack.curRangeStart) * fsInfo->block_size;
+        unallocBlockWlkTrack.ranges.push_back(TSK_DB_FILE_LAYOUT_RANGE(byteStart, byteLen, unallocBlockWlkTrack.nextSequenceNo++));
+        int64_t fileObjId = 0;
 
-    if (addUnallocBlockFile(m_curUnallocDirId, dbFsInfo.objId, unallocBlockWlkTrack.size, unallocBlockWlkTrack.ranges, fileObjId, m_curImgId) == TSK_ERR) {
-        registerError();
-        tsk_fs_close(fsInfo);
-        return TSK_ERR;
+        if (addUnallocBlockFile(m_curUnallocDirId, dbFsInfo.objId, unallocBlockWlkTrack.size, unallocBlockWlkTrack.ranges, fileObjId, m_curImgId) == TSK_ERR) {
+            registerError();
+            tsk_fs_close(fsInfo);
+            return TSK_ERR;
+        }
     }
 
     //cleanup 
@@ -1941,11 +1967,7 @@ TSK_RETVAL_ENUM TskAutoDbJava::addUnallocImageSpaceToDb() {
         return TSK_ERR;
     }
     else {
-        TSK_DB_FILE_LAYOUT_RANGE tempRange(0, imgSize, 0);
         //add unalloc block file for the entire image
-        vector<TSK_DB_FILE_LAYOUT_RANGE> ranges;
-        ranges.push_back(tempRange);
-        int64_t fileObjId = 0;
         if (TSK_ERR == addUnallocBlockFileInChunks(0, imgSize, m_curImgId, m_curImgId)) {
             return TSK_ERR;
         }