@bcarrier @rcordovano PTAL

Hi @joachimmetz. I'm testing this on some APFS images. For the 2 I've tested until now, it seems to freeze FS transversal at the very beginning, not sure if it is forever or if it became very slow at some point, I canceled the decoding after some dozens of minutes.

any test image you can share? or test case to reproduce as part of https://github.com/dfirlabs/apfs-specimens? The thing is there are no unit tests for TSK and I use its APFS functionality VERY SPORADIC.

Unfortunately they are real case images... I'm not experienced with C code debugging, but If you could point me some tutorial to get some thread dump/stacktrace at the freezing point, I can try to execute the procedure.

one option is to use fls -v (with and without patches) and see where it errors and then use fsapfsinfo with debug info to see what data structures TSK might no longer be fully parsing.

I'm not experienced with C code debugging,

this highly depends on the coding style as well, TSK APFS is C++ heavy with use of templating, so hard to debug (and maintain)

Can you rebase this with the current develop and trigger the self-tests?

rebased with develop branch

@simsong PTAL if/how these changes can provide better error condition feedback to the user

Codecov Report

❌ Patch coverage is 0% with 4 lines in your changes missing coverage. Please review.
✅ Project coverage is 31.64%. Comparing base (4bda7cd) to head (1dfe072).

@@           Coverage Diff            @@
##           develop    #2803   +/-   ##
========================================
  Coverage    31.64%   31.64%           
========================================
  Files          192      192           
  Lines        43149    43151    +2     
========================================
+ Hits         13653    13655    +2     
  Misses       29496    29496