Fix invalid read at CleanMSG

[cristgl]

This PR fixes the next invalid read:

==1724== Invalid read of size 1
==1724==    at 0x128411: OS_CleanMSG (cleanevent.c:70)
==1724==    by 0x1330C6: w_decode_event_thread (analysisd.c:2012)
==1724==    by 0x585C6DA: start_thread (pthread_create.c:463)
==1724==    by 0x5B9588E: clone (clone.S:95)
==1724==  Address 0x72da740 is 0 bytes after a block of size 16 alloc'd
==1724==    at 0x4C2FB0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==1724==    by 0x5B119B9: strdup (strdup.c:42)
==1724==    by 0x13220C: ad_input_main (analysisd.c:1687)
==1724==    by 0x585C6DA: start_thread (pthread_create.c:463)
==1724==    by 0x5B9588E: clone (clone.S:95)

The code was intended to fix the next specific log with an umlaut: Mär 02 17:30:52.
This character is stored in two bytes, 195 164, and the message received at CleanMSG has 4 bytes as minimum. Accessing pieces[1] could cause an invalid read as the message would have 5 bytes counting the id. To fix it, the length of the log has to be higher than 4, because Mär counts as 4 bytes.

[vikman90]

Hi @cristgl,

Why loglen must be greater or equal than 5?
I would say that it must be 2:

Let pieces be { 195, 164, 0 }.
strlen(pieces) = 2
_loglen = strlen(pieces) + 1 = 3

loglen = 3 guarantees that pieces[0], pieces[1] and pieces[2] are defined.

if (loglen >= 3 && pieces[1] == 195 && pieces[2] == 164) { ... }

I think it fits. Am I wrong? Please clarify your example.

Cheers!

[cristgl]

Hi @vikman90,

You are completely right, I was taking into account the 'id' because somehow I thought loglen was counting the string composed by "id:msg". Thank you for your observation.

Cheers

[vikman90]

It makes much sense now.
LGTM!