Closed joachimmetz closed 3 years ago
Changes in libtsk 4.8 cause multiple issues:
Looks like the lexer is failing to process some of the changed public API structs
PYTHONPATH=. python3 class_parser.py sleuthkit/tsk/libtsk.h sleuthkit/tsk/base/tsk_base.h sleuthkit/tsk/fs/tsk_fs.h sleuthkit/tsk/img/tsk_img.h sleuthkit/tsk/vs/tsk_vs.h tsk3.h
4.7
0xC49C: Calling PUSH_STATE 'struct TSK_FS_INFO {'
0xC49C: Calling STRUCT_START 'struct TSK_FS_INFO {'
0xC4A5: Calling SPACE '\n '
0xC4AD: Calling STRUCT_ATTRIBUTE 'int tag;'
0xC4BD: Calling SPACE ' '
0xC514: Calling COMMENT '///< \\internal Will be set to TSK_FS_INFO_TAG if structure is still allocated, 0 if not'
0xC51D: Calling SPACE '\n '
0xC534: Calling STRUCT_ATTRIBUTE 'TSK_IMG_INFO *img_info;'
Unknown attribute type TSK_IMG_INFO * for TSK_FS_INFO.img_info
0xC535: Calling SPACE ' '
0xC55A: Calling COMMENT '///< Pointer to the image layer state'
0xC563: Calling SPACE '\n '
4.8
0xCAD9: Calling PUSH_STATE 'struct TSK_FS_INFO {'
0xCAD9: Calling STRUCT_START 'struct TSK_FS_INFO {'
0xCAE2: Calling SPACE '\n '
0xCAEA: Calling STRUCT_ATTRIBUTE 'int tag;'
0xCAFA: Calling SPACE ' '
0xCB51: Calling COMMENT '///< \\internal Will be set to TSK_FS_INFO_TAG if structure is still allocated, 0 if not'
0xCB53: Calling CLEAR_COMMENT '\n\n'
0xCB5B: Calling SPACE ' '
0xCB63: Calling PUSH_STATE 'struct {'
0xCB70: Calling SPACE '\n '
Error(1): Lexer Stuck, discarding 1 byte ('SK_IMG_INF') - state RECURSIVE_STRUCT
Error(1): Lexer Stuck, discarding 1 byte ('K_IMG_INFO') - state RECURSIVE_STRUCT
Error(1): Lexer Stuck, discarding 1 byte ('_IMG_INFO ') - state RECURSIVE_STRUCT
Error(1): Lexer Stuck, discarding 1 byte ('IMG_INFO *') - state RECURSIVE_STRUCT
@sbrun please have a look if the changes in https://github.com/py4n6/pytsk/pull/72 solve the issue reported in log2timeline/dfvfs#544
@joachimmetz I have tested the patch and yes it fixes the issue I had with dfvfs. Thank you very much! I can import the patch in the Debian package or maybe you plan to release soon a new pytsk version ?
I can import the patch in the Debian package or maybe you plan to release soon a new pytsk version ?
Plan, yes. When? not sure yet depends on other priorities. So including patch in the Debian package is the quickest to address the issue on your side
pre-release for testing purposes https://github.com/py4n6/pytsk/releases/tag/20210130
Related: