[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Török Edvin
edwin at clamav.net
Sun Apr 4 01:22:48 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit aa745db74d87f9d5646346517b0f3495de67943a
Author: Török Edvin <edwin at clamav.net>
Date: Fri Mar 12 13:13:08 2010 +0200
Add clamscan commandline to load bytecode in debug mode.
diff --git a/clamscan/manager.c b/clamscan/manager.c
index 62dc621..1460297 100644
--- a/clamscan/manager.c
+++ b/clamscan/manager.c
@@ -401,6 +401,9 @@ int scanmanager(const struct optstruct *opts)
if(optget(opts, "leave-temps")->enabled)
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);
+ if(optget(opts, "trust-loaded-bytecode")->enabled)
+ cl_engine_set_num(engine, CL_ENGINE_BYTECODE_SECURITY, CL_BYTECODE_TRUST_ALL);
+
if((opt = optget(opts, "tempdir"))->enabled) {
if((ret = cl_engine_set_str(engine, CL_ENGINE_TMPDIR, opt->strarg))) {
logg("!cli_engine_set_str(CL_ENGINE_TMPDIR) failed: %s\n", cl_strerror(ret));
diff --git a/libclamav/c++/ClamBCRTChecks.cpp b/libclamav/c++/ClamBCRTChecks.cpp
index fe6d4ff..a6024a2 100644
--- a/libclamav/c++/ClamBCRTChecks.cpp
+++ b/libclamav/c++/ClamBCRTChecks.cpp
@@ -101,6 +101,7 @@ namespace {
}
if (!valid) {
+ DEBUG(F.dump());
ClamBCModule::stop("Verification found errors!", &F, 0);
// replace function with call to abort
std::vector<const Type*>args;
@@ -230,8 +231,17 @@ namespace {
const Type *Ty;
Value *V = PT->computeAllocationCountValue(Base, Ty);
- if (!V)
- return BoundsMap[Base] = 0;
+ if (!V) {
+ Base = Base->stripPointerCasts();
+ if (CallInst *CI = dyn_cast<CallInst>(Base)) {
+ Function *F = CI->getCalledFunction();
+ if (F && F->getName().equals("malloc") && F->getFunctionType()->getNumParams() == 2) {
+ V = CI->getOperand(2);
+ }
+ }
+ if (!V)
+ return BoundsMap[Base] = 0;
+ }
unsigned size = TD->getTypeAllocSize(Ty);
if (size > 1) {
Constant *C = cast<Constant>(V);
@@ -346,10 +356,11 @@ namespace {
// get base
Value *Base = getPointerBase(Pointer);
+ Value *SBase = Base->stripPointerCasts();
// get bounds
- Value *Bounds = getPointerBounds(Base);
+ Value *Bounds = getPointerBounds(SBase);
if (!Bounds) {
- errs() << "No bounds for base " << *Base << "\n";
+ errs() << "No bounds for base " << *SBase << "\n";
errs() << " while checking access to " << *Pointer << " of length "
<< *Length << " at " << *I << "\n";
diff --git a/libclamav/c++/GenList.pl b/libclamav/c++/GenList.pl
index 794f2a9..df7ac75 100755
--- a/libclamav/c++/GenList.pl
+++ b/libclamav/c++/GenList.pl
@@ -9,7 +9,7 @@ my %compdeps;
my @codegencomponents = ('x86codegen','powerpccodegen','armcodegen');
my @allnonsys = ('support','jit','fullcodegen', at codegencomponents);
my @allcomponents= ('system', at allnonsys);
-my $allJIT="jit core lib/Support/SourceMgr.o lib/Analysis/PointerTracking.o";
+my $allJIT="jit core lib/Support/SourceMgr.o lib/Analysis/PointerTracking.o lib/Transforms/Scalar/DCE.o";
for my $component (@allcomponents) {
$/ = " ";
$component =~ s/^fullcodegen/codegen interpreter jit target/;
diff --git a/libclamav/c++/Makefile.am b/libclamav/c++/Makefile.am
index 7647115..a23dfa5 100644
--- a/libclamav/c++/Makefile.am
+++ b/libclamav/c++/Makefile.am
@@ -512,6 +512,7 @@ libllvmjit_la_SOURCES=\
llvm/lib/Target/TargetLoweringObjectFile.cpp\
llvm/lib/Target/TargetMachine.cpp\
llvm/lib/Target/TargetRegisterInfo.cpp\
+ llvm/lib/Transforms/Scalar/DCE.cpp\
llvm/lib/VMCore/AsmWriter.cpp\
llvm/lib/VMCore/Attributes.cpp\
llvm/lib/VMCore/AutoUpgrade.cpp\
diff --git a/libclamav/c++/Makefile.in b/libclamav/c++/Makefile.in
index ff02fd3..1f93e8d 100644
--- a/libclamav/c++/Makefile.in
+++ b/libclamav/c++/Makefile.in
@@ -298,7 +298,7 @@ am_libllvmjit_la_OBJECTS = AliasAnalysis.lo BasicAliasAnalysis.lo \
circular_raw_ostream.lo raw_ostream.lo Mangler.lo \
SubtargetFeature.lo TargetData.lo TargetInstrInfo.lo \
TargetLoweringObjectFile.lo TargetMachine.lo \
- TargetRegisterInfo.lo AsmWriter.lo Attributes.lo \
+ TargetRegisterInfo.lo DCE.lo AsmWriter.lo Attributes.lo \
AutoUpgrade.lo BasicBlock.lo ConstantFold.lo Constants.lo \
Core.lo Dominators.lo Function.lo GVMaterializer.lo Globals.lo \
IRBuilder.lo InlineAsm.lo Instruction.lo Instructions.lo \
@@ -1271,6 +1271,7 @@ libllvmjit_la_SOURCES = \
llvm/lib/Target/TargetLoweringObjectFile.cpp\
llvm/lib/Target/TargetMachine.cpp\
llvm/lib/Target/TargetRegisterInfo.cpp\
+ llvm/lib/Transforms/Scalar/DCE.cpp\
llvm/lib/VMCore/AsmWriter.cpp\
llvm/lib/VMCore/Attributes.cpp\
llvm/lib/VMCore/AutoUpgrade.cpp\
@@ -1780,6 +1781,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/Core.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/CriticalAntiDepBreaker.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/DAGCombiner.Plo at am__quote@
+ at AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/DCE.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/DIE.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/DeadMachineInstructionElim.Plo at am__quote@
@AMDEP_TRUE@@am__include@ @am__quote at ./$(DEPDIR)/Debug.Plo at am__quote@
@@ -4499,6 +4501,14 @@ TargetRegisterInfo.lo: llvm/lib/Target/TargetRegisterInfo.cpp
@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCXX_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o TargetRegisterInfo.lo `test -f 'llvm/lib/Target/TargetRegisterInfo.cpp' || echo '$(srcdir)/'`llvm/lib/Target/TargetRegisterInfo.cpp
+DCE.lo: llvm/lib/Transforms/Scalar/DCE.cpp
+ at am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT DCE.lo -MD -MP -MF $(DEPDIR)/DCE.Tpo -c -o DCE.lo `test -f 'llvm/lib/Transforms/Scalar/DCE.cpp' || echo '$(srcdir)/'`llvm/lib/Transforms/Scalar/DCE.cpp
+ at am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/DCE.Tpo $(DEPDIR)/DCE.Plo
+ at am__fastdepCXX_FALSE@ $(AM_V_CXX) @AM_BACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='llvm/lib/Transforms/Scalar/DCE.cpp' object='DCE.lo' libtool=yes @AMDEPBACKSLASH@
+ at AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+ at am__fastdepCXX_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o DCE.lo `test -f 'llvm/lib/Transforms/Scalar/DCE.cpp' || echo '$(srcdir)/'`llvm/lib/Transforms/Scalar/DCE.cpp
+
AsmWriter.lo: llvm/lib/VMCore/AsmWriter.cpp
@am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT AsmWriter.lo -MD -MP -MF $(DEPDIR)/AsmWriter.Tpo -c -o AsmWriter.lo `test -f 'llvm/lib/VMCore/AsmWriter.cpp' || echo '$(srcdir)/'`llvm/lib/VMCore/AsmWriter.cpp
@am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/AsmWriter.Tpo $(DEPDIR)/AsmWriter.Plo
diff --git a/libclamav/c++/bytecode2llvm.cpp b/libclamav/c++/bytecode2llvm.cpp
index 19a042e..bb3f8fd 100644
--- a/libclamav/c++/bytecode2llvm.cpp
+++ b/libclamav/c++/bytecode2llvm.cpp
@@ -610,7 +610,8 @@ public:
}
// The hidden ctx param to all functions
- const Type *HiddenCtx = PointerType::getUnqual(Type::getInt8Ty(Context));
+ unsigned maxh = cli_globals[0].offset + sizeof(struct cli_bc_hooks);
+ const Type *HiddenCtx = PointerType::getUnqual(ArrayType::get(Type::getInt8Ty(Context), maxh));
globals.reserve(bc->num_globals);
BitVector FakeGVs;
@@ -697,9 +698,14 @@ public:
continue;
unsigned g = bc->globals[i][1];
unsigned offset = GVoffsetMap[g];
+
Constant *Idx = ConstantInt::get(Type::getInt32Ty(Context),
offset);
- Value *GEP = Builder.CreateInBoundsGEP(Ctx, Idx);
+ Value *Idxs[2] = {
+ ConstantInt::get(Type::getInt32Ty(Context), 0),
+ Idx
+ };
+ Value *GEP = Builder.CreateInBoundsGEP(Ctx, Idxs, Idxs+2);
const Type *Ty = GVtypeMap[g];
Ty = PointerType::getUnqual(PointerType::getUnqual(Ty));
Value *Cast = Builder.CreateBitCast(GEP, Ty);
@@ -1127,7 +1133,7 @@ public:
delete TypeMap;
std::vector<const Type*> args;
args.clear();
- args.push_back(PointerType::getUnqual(Type::getInt8Ty(Context)));
+ args.push_back(HiddenCtx);
FunctionType *Callable = FunctionType::get(Type::getInt32Ty(Context),
args, false);
for (unsigned j=0;j<bc->num_func;j++) {
@@ -1365,10 +1371,12 @@ int cli_bytecode_prepare_jit(struct cli_all_bc *bcs)
OurFPM.add(new TargetData(*EE->getTargetData()));
// Promote allocas to registers.
OurFPM.add(createPromoteMemoryToRegisterPass());
+ OurFPM.add(createDeadCodeEliminationPass());
OurFPM.doInitialization();
//TODO: create a wrapper that calls pthread_getspecific
- const Type *HiddenCtx = PointerType::getUnqual(Type::getInt8Ty(bcs->engine->Context));
+ unsigned maxh = cli_globals[0].offset + sizeof(struct cli_bc_hooks);
+ const Type *HiddenCtx = PointerType::getUnqual(ArrayType::get(Type::getInt8Ty(bcs->engine->Context), maxh));
LLVMTypeMapper apiMap(bcs->engine->Context, cli_apicall_types, cli_apicall_maxtypes, HiddenCtx);
Function **apiFuncs = new Function *[cli_apicall_maxapi];
diff --git a/shared/optparser.c b/shared/optparser.c
index c8dd78c..a248375 100644
--- a/shared/optparser.c
+++ b/shared/optparser.c
@@ -122,6 +122,7 @@ const struct clam_option __clam_options[] = {
{ NULL, "force-interpreter", 'f', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Force using the interpreter instead of the JIT", "" },
{ NULL, "trust-bytecode", 't', TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMBC, "Trust loaded bytecode (default yes)", ""},
+ { NULL, "trust-loaded-bytecode", 't', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMSCAN, "Trust loaded bytecode (default: only if signed)", ""},
{ NULL, "info", 'i', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Load and print bytecode information without executing", ""},
{ NULL, "printsrc", 'p', TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMBC, "Print source code of bytecode", ""},
{ NULL, "input", 'i', TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMBC, "Input file to run the bytecode n", ""},
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list