diff --git a/plugins/in_winevtlog/winevtlog.c b/plugins/in_winevtlog/winevtlog.c
index b67565a666b..90c3b19b13d 100644
--- a/plugins/in_winevtlog/winevtlog.c
+++ b/plugins/in_winevtlog/winevtlog.c
@@ -289,25 +289,36 @@ DWORD render_system_event(EVT_HANDLE event, PEVT_VARIANT *system, unsigned int *
 PWSTR get_message(EVT_HANDLE metadata, EVT_HANDLE handle, unsigned int *message_size)
 {
 WCHAR* buffer = NULL;
+ WCHAR* previous_buffer = NULL;
 DWORD status = ERROR_SUCCESS;
- DWORD buffer_size = 0;
+ DWORD buffer_size = 512;
 DWORD buffer_used = 0;
 LPVOID format_message_buffer;
 WCHAR* message = NULL;
 char *error_message = NULL;
+ buffer = flb_malloc(sizeof(WCHAR) * buffer_size);
+ if (!buffer) {
+ flb_error("failed to premalloc message buffer");
+
+ goto cleanup;
+ }
+ // Get the size of the buffer
 if (!EvtFormatMessage(metadata, handle, 0, 0, NULL, EvtFormatMessageEvent, buffer_size, buffer, &buffer_used)) {
 status = GetLastError();
 if (ERROR_INSUFFICIENT_BUFFER == status) {
 buffer_size = buffer_used;
- buffer = flb_malloc(sizeof(WCHAR) * buffer_size);
+ previous_buffer = buffer;
+ buffer = flb_realloc(previous_buffer, sizeof(WCHAR) * buffer_size);
 if (!buffer) {
 flb_error("failed to malloc message buffer");
+ flb_free(previous_buffer);
 goto cleanup;
 }
+ if (!EvtFormatMessage(metadata, handle, 0xffffffff,