ID: 6190
Title: Win-agent: prevent unsigned integer overflow in process uptime
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 1.6.0i1
The process uptimes for Windows are calculated by subtracting the process
creation time from the current system time. Under certain circumstances,
setting up the system clock e. g. with daylight saving time has led to a
situation where some processes have reported a creation time with false
offset and an unsigned integer overflow through negative subtraction result.
This has further led to the crash of the ps check.
The unsigned integer overflow is now prevented by checking the result of the
subtraction and, in case of a negative value, logging it as an error and
setting the process uptime to the default value 1.