x-pack/winlogbeat: windows-11TestSecurity/4707_WindowsSrv2016.evtx – github.com/elastic/beats/v7/x-pack/winlogbeat/module/security/test #32469
Comments
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
This looks like a buffer overflow; there is a STATUS_ACCESS_VIOLATION write at 0xc000eb43d6 which looks most likely to be targeting the caller-allocated buffer (0xc000eb3b00 in the stack trace). The overrun is by about 2×, so maybe this is a utf16 v byte confusion? Though that already seems to be taken into account, so it seems unlikely.
@efd6 I think I've found the error.
Passing the original I guess Windows 11 may be zeroing the whole buffer we pass.
Nice work.
A panic was observed on Windows 2022 after using the returned bufferUsed value to index into the buffer allocated on the Winlogbeat side. The returned value was larger than the buffer. We saw a similar issue previously on elastic#32469 and the fix here is similar. I have also done some refactoring to remove the usage of the "render buffer". Instead of requiring callers to pass in a buffer we will use a buffer obtained from a sync.Pool.
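The failure mode described in the commit message above (a callee-reported `bufferUsed` larger than the Go-side buffer) can be guarded against as in the following added example, which is not Winlogbeat's code. `renderFunc`, `renderChecked`, `errLengthOutOfRange` and the 16 KiB pool size are hypothetical names and values chosen for illustration; the native call is replaced by a Go function so the example runs anywhere.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// renderFunc is a hypothetical stand-in for a native rendering call: it
// fills buf and reports how many bytes it claims to have used.
type renderFunc func(buf []byte) (bufferUsed uint32, err error)

var errLengthOutOfRange = errors.New("reported bufferUsed exceeds buffer length")

// bufPool hands out reusable 16 KiB buffers (the size is an assumption).
var bufPool = sync.Pool{New: func() interface{} {
	b := make([]byte, 1<<14)
	return &b
}}

// renderChecked calls render with a pooled buffer and refuses to slice
// with a length that the callee reported but the buffer cannot hold.
func renderChecked(render renderFunc) ([]byte, error) {
	bp := bufPool.Get().(*[]byte)
	defer bufPool.Put(bp)
	buf := *bp

	used, err := render(buf)
	if err != nil {
		return nil, err
	}
	if uint64(used) > uint64(len(buf)) {
		return nil, fmt.Errorf("%w: used=%d len=%d", errLengthOutOfRange, used, len(buf))
	}
	// Copy out so the caller never holds memory that goes back to the pool.
	out := make([]byte, used)
	copy(out, buf[:used])
	return out, nil
}

func main() {
	// Constructed callee that over-reports its usage by 2x.
	_, err := renderChecked(func(buf []byte) (uint32, error) {
		return uint32(2 * len(buf)), nil
	})
	fmt.Println(err)
}
```
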