Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Winlogbeat - fix large message panic for Windows Vista and newer #1499
Fix panic that occurs when reading a large events on Windows Vista and newer.
This occurs in an error recovery path so in order for the panic to occur, first there had to have been an error rendering the event as XML with the event message string. When that error occurs Winlogbeat tries to render the event as XML, but without the message string. If the XML was larger than half the buffer size a panic would occur.
The cause was invalid handling of the "BufferUsed [out]" parameter value. The value specifies the number of bytes in this case and it was treated as if it where the number of characters. This is opposite of the behavior of FormatMessage() used in earlier versions of Windows which returns the number of characters rather than bytes.