Changes to support missing computer name

libyal · Sep 27, 2024 · 22e208e · 22e208e
1 parent a42edfa
commit 22e208e
Show file tree

Hide file tree

Showing 5 changed files with 497 additions and 294 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -20,6 +20,9 @@ jobs:
         - architecture: 'x64'
           compiler: 'gcc'
           configure_options: ''
+        - architecture: 'x64'
+          compiler: 'gcc'
+          configure_options: '--with-pthread=no'
         - architecture: 'x64'
           compiler: 'gcc'
           configure_options: '--enable-wide-character-type'

diff --git a/.github/workflows/build_ossfuzz.yml b/.github/workflows/build_ossfuzz.yml
@@ -30,6 +30,6 @@ jobs:
         head -n 20 projects/libyal/Dockerfile > projects/libevtx/Dockerfile
         echo "RUN git clone --depth 1 https://github.com/libyal/libevtx.git libevtx" >> projects/libevtx/Dockerfile
         tail -n 3 projects/libyal/Dockerfile >> projects/libevtx/Dockerfile
-        python3 infra/helper.py build_image --pull libevtx 
+        python3 infra/helper.py build_image --pull libevtx
         python3 infra/helper.py build_fuzzers --sanitizer address libevtx
         python3 infra/helper.py check_build libevtx
diff --git a/configure.ac b/configure.ac
@@ -2,7 +2,7 @@ AC_PREREQ([2.71])
 
 AC_INIT(
  [libevtx],
- [20240629],
+ [20240927],
  [[email protected]])
 
 AC_CONFIG_SRCDIR(

diff --git a/documentation/Windows XML Event Log (EVTX).asciidoc b/documentation/Windows XML Event Log (EVTX).asciidoc
@@ -76,6 +76,7 @@ April 2012 | Additional information.
 | 0.0.23 | J.B. Metz | December 2023 | Updated references and additional information about SystemResources directory.
 | 0.0.24 | J.B. Metz | January 2024 | Additional information about parameter message files.
 | 0.0.25 | J.B. Metz | April 2024 | Additional information about dependency identifier.
+| 0.0.26 | J.B. Metz | September 2024 | Additional information regarding format edge case with thanks to J. Solomon.
 |===
 
 :numbered:
@@ -1829,6 +1830,11 @@ The approach is to start scanning for recoverable event records until a correct
 chunk header is found or the end of file is reached. Any event records found
 are considered recovered.
 
+=== Empty computer name
+
+It is not clear if this is a corruption scenario or an undesirable edge case.
+It has been observed that the format allows for the computer value to be empty.
+
 == Notes
 
 === Normal behavior