id	summary	reporter	owner	description	type	status	milestone	component	version	severity	resolution	keywords	cc
1393	Script crashes with error reported in EventLog.au3 at line 475	jonwetherbee@…	Jpm	"My Usage:
Script uses EventLog.au3 to access remote event logs.  The task is to simply open, read all available records, and close the log.

Problem:
Shortly after starting, script crashes reporting an error at line 475 of EventLog.au3 involving use of a subscript with a non-array variable.  This code assumes _Security__LookupAccountSid only returns  an array.  In fact, _Security__LookupAccountSid can return zero.
			
Initial Solution:
Change the code in EventLog.au3 line 475 to test for an array before using it.


Below are the two functions involved in the problem.  The first is _EventLog__DecodeUserName from EventLog.au3 - where the error is.  The second is _Security__LookupAccountSid from Security.au3 for reference only.


######################################################
	REFERENCE:  (Taken from EventLog.au3)
######################################################

Note that _EventLog__DecodeUserName assumes _Security__LookupAccountSid 
will always returns an array.

; #INTERNAL_USE_ONLY# ===========================================================================================================
; Name...........: _EventLog__DecodeUserName
; Description ...: Decodes the user name from an event log record
; Syntax.........: _EventLog__DecodeUserName($tEventLog)
; Parameters ....: $tEventLog   - tagEVENTLOGRECORD structure
; Return values .: Success      - User name
; Author ........: Paul Campbell (PaulIA)
; Modified.......: Gary Frost (gafrost)
; Remarks .......: This function is used internally
; Related .......:
; Link ..........:
; Example .......:
; ===============================================================================================================================
Func _EventLog__DecodeUserName($tEventLog)
	Local $pEventLog = DllStructGetPtr($tEventLog)
	If DllStructGetData($tEventLog, ""UserSidLength"") = 0 Then Return """"
	Local $pAcctSID = $pEventLog + DllStructGetData($tEventLog, ""UserSidOffset"")
	Local $aAcctInfo = _Security__LookupAccountSid($pAcctSID)
	
;	Return $aAcctInfo[1]    [original line 475]					        Revised 5-Jan-2010 - jrw

{{{
	If IsArray($aAcctInfo) Then Return $aAcctInfo[1]	Return ''
}}}
EndFunc   ;==>_EventLog__DecodeUserName



######################################################
	REFERENCE:  (Taken from Security.au3)
######################################################

Note that _Security__LookupAccountSid MAY NOT return an array.
                                      =======

; #FUNCTION# ====================================================================================================================
; Name...........: _Security__LookupAccountSid
; Description ...: Retrieves the name of the account for a SID
; Syntax.........: _Security__LookupAccountSid($vSID)
; Parameters ....: $vSID        - Either a binary SID or a string SID
; Return values .: Success      - Array with the following format:
;                  |$aAcct[0] - Account name
;                  |$aAcct[1] - Domain name
;                  |$aAcct[2] - SID type, which can be one of the following values:
;                  | 1 - Indicates a user SID
;                  | 2 - Indicates a group SID
;                  | 3 - Indicates a domain SID
;                  | 4 - Indicates an alias SID
;                  | 5 - Indicates a SID for a well-known group
;                  | 6 - Indicates a SID for a deleted account
;                  | 7 - Indicates an invalid SID
;                  | 8 - Indicates an unknown SID type
;                  | 9 - Indicates a SID for a computer
;                  Failure      - 0
; Author ........: Paul Campbell (PaulIA)
; Modified.......:
; Remarks .......:
; Related .......: _Security__LookupAccountName, _Security__GetAccountSid
; Link ..........: @@MsdnLink@@ LookupAccountSid
; Example .......:
; ===============================================================================================================================
Func _Security__LookupAccountSid($vSID)
	Local $pSID, $aAcct[3]

	If IsString($vSID) Then
		Local $tSID = _Security__StringSidToSid($vSID)
		$pSID = DllStructGetPtr($tSID)
	Else
		$pSID = $vSID
	EndIf
	If Not _Security__IsValidSid($pSID) Then Return SetError(-1, 0, 0)

	Local $aResult = DllCall(""advapi32.dll"", ""bool"", ""LookupAccountSidW"", ""ptr"", 0, ""ptr"", $pSID, ""wstr"", """", ""dword*"", 256, _
			""wstr"", """", ""dword*"", 256, ""int*"", 0)
	If @error Then Return SetError(@error, @extended, 0)
	If Not $aResult[0] Then Return 0

	Local $aAcct[3]
	$aAcct[0] = $aResult[3]		; Name
	$aAcct[1] = $aResult[5]		; Domain
	$aAcct[2] = $aResult[7]		; SNU
	Return $aAcct
EndFunc   ;==>_Security__LookupAccountSid

"	Bug	closed	3.3.3.2	Standard UDFs	3.3.2.0	None	Fixed