Summary
Fix a potential division by zero crash in the intHandler signal
handler when Sysmon is stopped before processing any events
(totalEvents == 0).
Problem
In intHandler(), the following line:
printf("Total events: %ld, bad events: %ld, ratio = %f\n",
totalEvents, badEvents, (double)badEvents / totalEvents);
...will produce a division by zero (resulting in NaN or crash) if
Sysmon is interrupted immediately after startup before any eBPF
events are received.
Fix
Guard the division with a ternary check:
(double)badEvents / totalEvents
→
totalEvents > 0 ? (double)badEvents / totalEvents : 0.0
Testing
- Start Sysmon and immediately send SIGINT (Ctrl+C)
- Confirm clean output showing ratio = 0.000000 instead of crash/NaN
Notes
- No functional change to normal operation
- Zero risk of regression
- Fixes undefined behavior per C standard (integer division by zero)
Summary
Fix a potential division by zero crash in the
intHandlersignalhandler when Sysmon is stopped before processing any events
(totalEvents == 0).
Problem
In
intHandler(), the following line:...will produce a division by zero (resulting in NaN or crash) if
Sysmon is interrupted immediately after startup before any eBPF
events are received.
Fix
Guard the division with a ternary check:
Testing
Notes