[#ZBX-8327] Possible agent crash when processing eventlog records

[ZBX-8327] Possible agent crash when processing eventlog records Created: 2014 Jun 10 Updated: 2017 May 30 Resolved: 2014 Jun 10
Status:	Closed
Project:	ZABBIX BUGS AND ISSUES
Component/s:	Agent (G)
Affects Version/s:	2.0.12, 2.2.3
Fix Version/s:	2.0.13rc1, 2.2.4rc1, 2.3.2

Type:

Incident report

Priority:

Critical

Reporter:

Andris Zeila

Assignee:

Unassigned

Resolution:

Fixed

Votes:

Labels:

crash, windows

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Environment:

Windows

Issue Links:

Duplicate

Description

When translating eventlog message insert strings the size of allocated array is based on EVENTLOGRECORD.NumStrings, which apparently might not have the correct value, resulting in crash.

Comments

Comment by Andris Zeila [ 2014 Jun 10 ]

From MSDN:

Some event sources seem to set NumStrings to a value less than the number of placeholders in the message file. If you use this value to allocate an array of strings in order to get the full message, the subsequent call to FormatMessage may crash. One possibility is to always assume the maximum number of strings (99) when allocating memory and use memset to ensure that any excess strings will default to NULL.

Comment by Andris Zeila [ 2014 Jun 10 ]

Fixed in development branch svn://svn.zabbix.com/branches/dev/ZBX-8327

Comment by Andris Zeila [ 2014 Jun 10 ]

Released in:
pre-2.0.13rc1 r46339
pre-2.2.4rc1 r46340
pre-2.3.2 r46345

Comment by Andris Zeila [ 2014 Jul 15 ]

The pre-2.3.2 merge contained bug that was fixed in r47311

Generated at Fri Apr 19 09:18:20 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.

[ZBX-8327] Possible agent crash when processing eventlog records Created: 2014 Jun 10 Updated: 2017 May 30 Resolved: 2014 Jun 10