From 4f2a574a84a3ee3d327ac41e5019664122c987ec Mon Sep 17 00:00:00 2001 From: rabbitstack Date: Fri, 3 Jan 2025 17:30:47 +0100 Subject: [PATCH] fix(filter): Call stack frame bound checks Add more defensive checks against frame bounds to prevent accessing the frame that is out of bounds of the callstack. --- pkg/filter/accessor_windows.go | 8 +++++++- pkg/filter/filter_test.go | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/pkg/filter/accessor_windows.go b/pkg/filter/accessor_windows.go index 59756585e..457ce1189 100644 --- a/pkg/filter/accessor_windows.go +++ b/pkg/filter/accessor_windows.go @@ -667,10 +667,12 @@ func callstackFields(field string, kevt *kevent.Kevent) (kparams.Value, error) { if kevt.Callstack.IsEmpty() { return nil, nil } + key, segment := captureInBrackets(field) if key == "" || segment == "" { return nil, nil } + var i int switch key { case frameUStart: @@ -702,9 +704,13 @@ func callstackFields(field string, kevt *kevent.Kevent) (kparams.Value, error) { } } - if i > kevt.Callstack.Depth() || i < 0 { + if i >= kevt.Callstack.Depth() { + i = kevt.Callstack.Depth() - 1 + } + if i < 0 { i = 0 } + f := kevt.Callstack[i] switch segment { diff --git a/pkg/filter/filter_test.go b/pkg/filter/filter_test.go index 428e56ed3..d56474b07 100644 --- a/pkg/filter/filter_test.go +++ b/pkg/filter/filter_test.go @@ -368,7 +368,7 @@ func TestThreadFilter(t *testing.T) { {`thread.callstack[uend].address = '7ffb5c1d0396'`, true}, {`thread.callstack[kstart].address = 'fffff8072ebc1f6f'`, true}, {`thread.callstack[kend].address = 'fffff8072eb8961b'`, true}, - {`thread.callstack[112222].address = '2638e59e0a5'`, true}, + {`thread.callstack[112222].address = 'fffff8072eb8961b'`, true}, {`thread.callstack[2].symbol = 'Java_java_lang_ProcessImpl_create'`, true}, {`thread.callstack[2].offset = 266`, true}, {`thread.callstack[2].module = 'C:\\Program Files\\JetBrains\\GoLand 2021.2.3\\jbr\\bin\\java.dll'`, true},