Description
I don't have a solid reproducer for this, but we're running into a weird issue where libkqueue eventually segfaults due to an access violation:
```
zeek.exe!windows_kevent_copyout(kqueue * kq, int nready, kevent * eventlist, int nevents) Line 143 C
zeek.exe!kevent(int kqfd, const kevent * changelist, int nchanges, kevent * eventlist, int nevents, const timespec * timeout) Line 451 C
```
It appears that the data in iocp_buf.overlap in windows_kevent_copyout is invalid, and when it gets typecast and then used as an array to get the filter data, the filter ends up pointing at invalid memory.
The event list here only has one entry, which is the one causing the crash:
| Name | Value | Type |
|---|---|---|
| ident | 492 | unsigned __int64 |
| filter | -1 | short |
| flags | 1 | unsigned short |
| fflags | 0 | unsigned int |
| data | 0 | __int64 |
| udata | 0x0000000000000000 | void * |
It's only crashing on Windows. Running the same data through our software on Linux and macOS completes successfully. Any ideas on how to start even chasing this down? I can provide KQUEUE_DEBUG logs but they're very long. The crash occurs at the same point in the code every time, but not necessarily the same runtime (once it crashed after 1326 polls, the next after 1310).