fix(filter): Call stack frame bound checks

Add more defensive checks against frame bounds
to prevent accessing the frame that is out of
bounds of the callstack.

Author: rabbitstack

pkg/filter/accessor_windows.go

@@ -667,10 +667,12 @@ func callstackFields(field string, kevt *kevent.Kevent) (kparams.Value, error) {
 	if kevt.Callstack.IsEmpty() {
 		return nil, nil
 	}
+
 	key, segment := captureInBrackets(field)
 	if key == "" || segment == "" {
 		return nil, nil
 	}
+
 	var i int
 	switch key {
 	case frameUStart:
@@ -702,9 +704,13 @@ func callstackFields(field string, kevt *kevent.Kevent) (kparams.Value, error) {
 		}
 	}
 
-	if i > kevt.Callstack.Depth() || i < 0 {
+	if i >= kevt.Callstack.Depth() {
+		i = kevt.Callstack.Depth() - 1
+	}
+	if i < 0 {
 		i = 0
 	}
+
 	f := kevt.Callstack[i]
 
 	switch segment {

pkg/filter/filter_test.go

@@ -368,7 +368,7 @@ func TestThreadFilter(t *testing.T) {
 		{`thread.callstack[uend].address = '7ffb5c1d0396'`, true},
 		{`thread.callstack[kstart].address = 'fffff8072ebc1f6f'`, true},
 		{`thread.callstack[kend].address = 'fffff8072eb8961b'`, true},
-		{`thread.callstack[112222].address = '2638e59e0a5'`, true},
+		{`thread.callstack[112222].address = 'fffff8072eb8961b'`, true},
 		{`thread.callstack[2].symbol = 'Java_java_lang_ProcessImpl_create'`, true},
 		{`thread.callstack[2].offset = 266`, true},
 		{`thread.callstack[2].module = 'C:\\Program Files\\JetBrains\\GoLand 2021.2.3\\jbr\\bin\\java.dll'`, true},