[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:21:14 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit c074ececc79e07e6d0195b016794e78b6d0db449
Author: Török Edvin <edwin at clamav.net>
Date: Mon Feb 22 14:12:55 2010 +0200
Properly calculate numBytes for interpreter, and protect interpreter from null
derefs.
diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c
index 965d525..b2219d5 100644
--- a/libclamav/bytecode.c
+++ b/libclamav/bytecode.c
@@ -24,6 +24,7 @@
#include "clamav-config.h"
#endif
+#include <assert.h>
#include "dconf.h"
#include "clamav.h"
#include "others.h"
@@ -598,6 +599,7 @@ static int parseTypes(struct cli_bc *bc, unsigned char *buffer)
case 3:
ty->kind = (t == 2) ? DPackedStructType : DStructType;
ty->size = ty->align = 0;/* TODO:calculate size/align of structs */
+ ty->align = 8;
parseType(bc, ty, buffer, &offset, len, &ok);
if (!ok) {
cli_errmsg("Error parsing type %u\n", i);
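Review bot: The added `ty->align = 8;` immediately overwrites the `ty->align = 0` set on the line before it, and `ty->size` still stays 0 for struct types. If `typesize()` reports that stored size (its body is not in this diff), the layout loops in `cli_bytecode_prepare_interpreter` would reserve no bytes for a struct-typed value, so it would share an offset with whatever follows. I would write the two assignments as one statement with the placeholder called out: `ty->size = 0; ty->align = 8; /* TODO: calculate size/align of structs; 8 is a placeholder alignment */`. The enclosing `case 3:` block continues outside the hunk.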
@@ -1386,6 +1388,7 @@ int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, stru
memset(&func, 0, sizeof(func));
func.numInsts = 1;
func.numValues = 1;
+ func.numConstants = 0;
func.numBytes = ctx->bytes;
memset(ctx->values+ctx->bytes-8, 0, 8);
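Review bot: `func.numConstants = 0;` has no effect here, because `memset(&func, 0, sizeof(func))` on the hunk's first line already zeroes the whole struct. If the line is meant to document that this synthetic function has no constants, a short comment such as `/* no constants in the wrapper function */` says so without looking like a fix. Separately, the unchanged `memset(ctx->values+ctx->bytes-8, 0, 8)` assumes `ctx->bytes >= 8` and a non-NULL `ctx->values`. Neither check is visible in this hunk, so confirm they are enforced earlier in `cli_bytecode_run`.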
@@ -1487,10 +1490,12 @@ static int cli_bytecode_prepare_interpreter(struct cli_bc *bc)
struct cli_bc_func *bcfunc = &bc->funcs[i];
unsigned totValues = bcfunc->numValues + bcfunc->numConstants + bc->num_globals;
unsigned *map = cli_malloc(sizeof(*map)*totValues);
+ bcfunc->numBytes = 0;
for (j=0;j<bcfunc->numValues;j++) {
uint16_t ty = bcfunc->types[j];
unsigned align;
align = typealign(bc, ty);
+ assert(align);
bcfunc->numBytes = (bcfunc->numBytes + align-1)&(~(align-1));
map[j] = bcfunc->numBytes;
bcfunc->numBytes += typesize(bc, ty);
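Review bot: `assert(align)` is the only guard against a zero alignment taken from a loaded bytecode's type table, both here and in the globals loop in the next hunk, and it is the wrong tool for validating file input. With `NDEBUG` the check disappears, and `(numBytes + align-1) & ~(align-1)` with `align == 0` evaluates to 0, so the running offset resets and later values overlap earlier ones. Without `NDEBUG`, a malformed bytecode aborts the whole process hosting libclamav. Since the function returns `int`, fail the load instead: `if (!align) { free(map); return CL_EBYTECODE; }`, adjusting the cleanup to whatever else is live at that point, which the hunk does not show. Also, `map` from `cli_malloc` is written at `map[j]` with no NULL check in between, and `sizeof(*map)*totValues` is computed from counts that presumably come from the bytecode file, so a NULL check and an overflow check on `totValues` belong here too.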
@@ -1503,6 +1508,7 @@ static int cli_bytecode_prepare_interpreter(struct cli_bc *bc)
for (j=0;j<bc->num_globals;j++) {
uint16_t ty = bc->globaltys[j];
unsigned align = typealign(bc, ty);
+ assert(align);
bcfunc->numBytes = (bcfunc->numBytes + align-1)&(~(align-1));
map[bcfunc->numValues+bcfunc->numConstants+j] = bcfunc->numBytes;
bcfunc->numBytes += typesize(bc, ty);
diff --git a/libclamav/bytecode_vm.c b/libclamav/bytecode_vm.c
index 35191a3..0a04352 100644
--- a/libclamav/bytecode_vm.c
+++ b/libclamav/bytecode_vm.c
@@ -728,6 +728,10 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct
{
const union unaligned_32 *ptr;
READP(ptr, inst->u.unaryop);
+ if (!ptr) {
+ cli_dbgmsg("Bytecode attempted to load from null pointer!\n");
+ return CL_EBYTECODE;
+ }
WRITE32(inst->dest, (ptr->una_u32));
break;
}
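Review bot: The new NULL test protects only this one 32-bit load case. The other load and store cases of `cli_vm_execute` that obtain a pointer through `READP` are outside the hunk and, unless they already have the same guard, remain exposed to the same null dereference. Putting the check inside `READP` itself, or in a shared helper, would cover every width at once. Note also that `!ptr` rejects only NULL and does not establish that the pointer lies inside memory the bytecode is allowed to read, so a bounds check is still needed if pointers can be derived from bytecode-controlled values. `cli_dbgmsg` is a debug-level message, so the failure is presumably silent in normal operation. If a bytecode hitting this path should be visible to operators, `cli_errmsg` (used elsewhere in this commit) is the better fit.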
--
Debian repository for ClamAV