Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Winlogbeat - fix large message panic for WinXP/2003 #1498

Merged
merged 1 commit into from Apr 27, 2016

Conversation

Projects
None yet
2 participants
@andrewkroh
Copy link
Member

commented Apr 26, 2016

Fix panic when reading messages larger than 32K characters on XP and 2003.

Winlogbeat was passing the size of the buffer to Windows using number of bytes, but Windows was expecting number of TCHAR's. This made Windows return that the number of TCHARs read was greater than the number that the buffer could hold. Winlogbeat used the return value to read from the buffer which caused a 'runtime error: slice bounds out of range' panic.

The buffer length issue has been corrected by dividing by sizeof(TCHAR) which is 2. In addition a check has been added to verify that the return value from Windows is sane before using it to slice the buffer.

Reported here: https://discuss.elastic.co/t/report-a-bug-of-winlogbeat-5-0-0-alpha1-windows-32/47550

Fix panic when reading messages larger than 32K characters on Windows…
… XP and 2003.

Winlogbeat was passing the size of the buffer to Windows using number of bytes, but Windows was expecting number of TCHAR's. This made Windows return that the number of TCHARs read was greater than the number that the buffer could hold. Winlogbeat used the return value to read from the buffer which caused a 'runtime error: slice bounds out of range' panic.

The buffer length issue has been corrected by dividing by sizeof(TCHAR) which is 2. In addition a check has been added to verify that the return value from Windows is sane before using it to slice the buffer.
&buffer[0],
uint32(len(buffer)),
&buffer[0], // Max size allowed is 64k bytes.
uint32(len(buffer)/2), // Size of buffer in TCHARS

This comment has been minimized.

Copy link
@andrewkroh

andrewkroh Apr 26, 2016

Author Member

This line was the true culprit.

@ruflin ruflin merged commit 498a22f into elastic:master Apr 27, 2016

4 checks passed

CLA Commit author has signed the CLA
Details
continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
default Build finished.
Details

@andrewkroh andrewkroh deleted the andrewkroh:bugfix/eventlogging-format-panic branch May 4, 2016

andrewkroh added a commit to andrewkroh/beats that referenced this pull request May 9, 2016

tsg added a commit that referenced this pull request May 9, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.