[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b

Török Edvin edwin at clamav.net
Sun Apr 4 01:25:49 UTC 2010 

The following commit has been merged in the debian/unstable branch:
commit 48fc8b985250a610e58890a2345b90a23a95ab87
Author: Török Edvin <edwin at clamav.net>
Date:   Wed Mar 24 14:14:33 2010 +0200

    Leak testcase.

diff --git a/libclamav/bytecode.c b/libclamav/bytecode.c
index b45ad89..719b942 100644
--- a/libclamav/bytecode.c
+++ b/libclamav/bytecode.c
@@ -999,6 +999,12 @@ static uint16_t get_type(struct cli_bc_func *func, operand_t op)
 	return 64;
     return func->types[op];
 }*/
+static int16_t get_optype(const struct cli_bc_func *bcfunc, operand_t op)
+{
+    if (op >= bcfunc->numArgs + bcfunc->numLocals)
+	return 0;
+    return bcfunc->types[op]&0x7fff;
+}
 
 static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char *buffer)
 {
@@ -1156,9 +1162,9 @@ static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char
 		}
 	}
 	if (inst.opcode == OP_BC_STORE)
-	    inst.type = bcfunc->types[inst.u.binop[0]]&0x7fff;
+	    inst.type = get_optype(bcfunc, inst.u.binop[0]);
 	if (inst.opcode == OP_BC_COPY)
-	    inst.type = bcfunc->types[inst.u.binop[1]]&0x7fff;
+	    inst.type = get_optype(bcfunc, inst.u.binop[1]);
 	if (!ok) {
 	    cli_errmsg("Invalid instructions or operands\n");
 	    return CL_EMALFDB;
diff --git a/libclamav/bytecode_vm.c b/libclamav/bytecode_vm.c
index 4fd1325..ce22819 100644
--- a/libclamav/bytecode_vm.c
+++ b/libclamav/bytecode_vm.c
@@ -1104,5 +1104,7 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct
     }
 
     cli_stack_destroy(&stack);
+    free(ptrinfos.stack_infos);
+    free(ptrinfos.glob_infos);
     return stop == CL_BREAK ? CL_SUCCESS : stop;
 }
diff --git a/unit_tests/check_bytecode.c b/unit_tests/check_bytecode.c
index e3ade23..1fe5aa6 100644
--- a/unit_tests/check_bytecode.c
+++ b/unit_tests/check_bytecode.c
@@ -202,6 +202,14 @@ START_TEST (test_matchwithread)
 }
 END_TEST
 
+START_TEST (test_pdf)
+{
+    cl_init(CL_INIT_DEFAULT);
+    runtest("input/pdf.cbc", 0, 0, 0, NULL, NULL, NULL, NULL);
+    runtest("input/pdf.cbc", 0, 0, 1, NULL, NULL, NULL, NULL);
+}
+END_TEST
+
 Suite *test_bytecode_suite(void)
 {
     Suite *s = suite_create("bytecode");
@@ -216,5 +224,6 @@ Suite *test_bytecode_suite(void)
     tcase_add_test(tc_cli_arith, test_lsig);
     tcase_add_test(tc_cli_arith, test_inf);
     tcase_add_test(tc_cli_arith, test_matchwithread);
+    tcase_add_test(tc_cli_arith, test_pdf);
     return s;
 }
diff --git a/unit_tests/input/pdf.cbc b/unit_tests/input/pdf.cbc
new file mode 100644
index 0000000..174865a
--- /dev/null
+++ b/unit_tests/input/pdf.cbc
@@ -0,0 +1,51 @@
+ClamBCafhehkmijkd|afefdfggifnf```ca`a```|bhacflfafmfbfcfmb`cnbac`cmbacdcmbgfffdfbcafbfafbc``bccaap`clamcoincidencejb:1412
+.{ClamAV-Test-File-detected-via-bytecode};Target:1;(2&1&0);0:4d5a50000200000004000f00ffff0000;EOF-544:4d5a50000200000004000f00ffff0000;S0+0:4d5a50000200000004000f00ffff0000
+Tedebbgebageb`gebofebnfebmfebgeeblfebkfebjfebdfebcfebbfebheebafeboeebadebcddaeahdakahaaaaaaaa`aabb`bb`baacb`bbadb`baacb`bb`bb`baadb`bbadbadb`bcafahb`fahb`fahb`fcaab`bdb`db`bdbccahdbfaahcamb`bb`bb`ab`abefbffb`bbgfbhfb`bb`bb`bb`bcahb`bb`ab`ab`bb`bb`bb`ab`acboab`aahahb`bb`bb`bb`bb`bb`bb`bb`bb`bb`ab`ab`ab`ab`ab`ab`bb`bb`bb`bb`ab`ab`bb`bb`bb`bb`bb`bbhfcbnab`aahahb`bb`bb`bb`bb`bb`db`bb`bb`ab`ab`ab`ab`ab`ab`bb`bb`bb`bb`ab`ab`db`db`db`db`bb`bbhfdb`abifcabb`bb`bdbeaahdbnbahdbkaahdbfbahdbibahdbcbahdaabaddbgbahdaaah
+Ebjbagbjbbke|bbabfigdgefcfofdfefoebgdgoeefbgbgofbg``agbke|baadfefbfeggfoe`gbgifnfdgoeegifnfdg``aobke|ak`gefoebgafggafdfdfbg``afble|b`adfefbfeggfoe`gbgifnfdgoecgdgbg``abble|aebgefafdf``adbme|aecgefefkf``aeble|amcgefdgfgifbgegcgnfafmfef``
+Gdc``hbfb`@`bbg@`bagBcdBlfBafBmfBadBfeBmbBdeBefBcgBdgBmbBfdBifBlfBefBmbBdfBefBdgBefBcfBdgBefBdfBmbBfgBifBafBmbBbfBigBdgBefBcfBofBdfBef@`b`g at Ab`b`aAa`bofB`cBjcBdcBdfBecBafBecB`cB`cB`cB`cBbcB`cB`cB`cB`cB`cB`cB`cBdcB`cB`cB`cBffB`cB`cBffBffBffBffB`cB`cB`cB`c@`bnfBedBodBfdBmbBecBdcBdcBjcBdcBdfBecBafBecB`cB`cB`cB`cBbcB`cB`cB`cB`cB`cB`cB`cBdcB`cB`cB`cBffB`cB`cBffBffBffBffB`cB`cB`cB`c@`bmfBceB`cBkbB`cBjcBdcBdfBecBafBecB`cB`cB`cB`cBbcB`cB`cB`cB`cB`cB`cB`cBdcB`cB`cB`cBffB`cB`cBffBffBffBffB`cB`cB`cB`c@`b`aCa`a`bgeBedB`eBjcB`b@`blfBcdBofBegBlfBdfBnfBgbBdgB`bBbgBefBafBdfB`bBecB`bBbfBigBdgBefBcgB`bB`dBedB`eAj@`bkfBndBofB`bBgbBmfBofBfgB`bBefBbfBhgBlbB`bBcfBigB`gBhfBefBbgBdgBefBhgBdgBgbB`bBffBofBegBnfBdfB`bBafBdgB`bBefBnfBdgBbgBigB`gBofBifBnfBdgAj@`bjfBfeBadB`bBofBffB`bBcfBigB`gBhfBefBbgBdgBefBhgBdgB`bBifBcgB`b@`bcfBbeBfeBadB`bBofBffB`bBcfBigB`gBhfBefBbgBdgBefBhgBdgB`bBifBcgB`b@`bbfBcdBafBnfBgbBdgB`bBlfBofBcfBafBdgBefB`bBdgBhfBefB`bB`gBhfBifBcgBifBcfBafBlfB`bBofBffBffBcgBefBdgB`bBofBffB`bBdgBhfBefB`bBcfBigB`gBhfBefBbgBdgBefBhgBdg@`bcfBcdBigB`gBhfBefBbgBdgBefBhgBdgB`bBcgBdgBafBbgBdgBcgB`bBafBdgB`b@`bofBcdBafBnfBgbBdgB`bBbgBefBafBdfB`bBacB`cB`bBbfBigBdgBefBcgB`bBofBffB`bBcfBigB`gBhfBefBbgBdgBefBhgBdgAj@`bheBhdBedBldBldBodB`bBgeBodBbeBmd@`boe@@@Aa at Ab`bad at Ab`bad at Ae`bad at Af`bad at Ag`bad at Ai`bad at Aj`bad at Ak`bad at Al`bad at Dc``h`bcdB`dDc``h`bcdAdDc``h`bad at Am`bad at An`bad at Ao`bad at B`a`bad at Baa`bcdAhD```h`bcdAdD```h`bcd at D```h`
+A`b`bLb`dahab`bab`babgeabheab`b`b`b`b`b`b`b`bad`b`b`aa`b`b`bad`ah`aa`b`b`bad`b`b`aa`````b`b`b`b`b`b`b`b`b`b`b`b`b`b`b`b`aa`b`b`b`b`b`b`b`b`bad`b`b`aa`````b`b`ah`b`b`bad`aa`ah`ah`ah`aa```b`b`aa`````bad`b`b`aa`bad```bad`b`b`b`b`b`b```Fbldbaa
+Bb`baegbBma`b`bafabbafBga`@db`bagabaagaeb`bahabbadae at dbadaidbbkdac@db`bajabbabaiAedaaakeab`bajAedTaaakabaa
+Bb`balabbafBha`@dTcab`b at d
+Bbadamdbbkdac at dahangbamaaaoeaahanBkkaTaaaoadac
+Bb`bb`aabbafBia`@dTcab`b at d
+BbadbaadbbkdacAadb`bbbagbbaaaabcalb``bbbbaabTaabcaaeaf
+Bb`babobbbaTbaaf
+Bb`bbfabbabbfab`bbgaabbafBja`@db`bbhaabaagbfab`bbiagbBla`b`bbjab`bfabiab`bbkaabbafBna`@db`bblaabaagbjab`bbmaabaaobjaaabnaeab`bbmaHoooooooodTaabnaagah
+Bb`bboaabbafBoa`@dTcab`b at d
+Bb`bb`babbafB`b`@db`bbababaagbmab`bbbbabbadbma at dbadbcbdbbbead@db`bbdbabbabbcbAjdaabebeab`bbdbAjd``bb at daa``bbBiba`Taabebajai
+Bb`bbhbabbafBab`@dTcab`b at d
+Bahbibbb`bibb`bbjbbbaabjbbadbkbdbbbeadbjbaablbiab`bbjbAkdTaablbakb`a
+Bahbmba`bibAaaahbnbgbbkbahbobm`bnbbmbaab`ciab`bbjbAkdTaab`calb`a
+B``fbbobbkbb`bbbca`bjbAadaabcceab`bbbcAjd``bbbbcaa``bbbob`Taabccamaj
+Bbadbfcdbbbead at db`bbgckbbfcBbb`Ajdaabhceab`bbgc at dTaabhcanao
+BbadbicdbbbeadAjd``fb at abicbadbkcdbbbead@db`bblcabbafbkc at db`bbmcabbaeBca`@dTcab`b at d
+BTcab`b at d
+Bb`bbncababjbDc`ged``mbTmbE
+Sfeidbeeecendadmdedoe`ebeedfdidhehbbbbbibSfeidbeeecendadmdedcehbbbcdlfafmfadfembdeefcgdgmbfdiflfefmbdfefdgefcfdgefdfmbfgifafmbbfigdgefcfofdfefbbibSdeadbegdeddehbacib
+Sobjb`bdehfifcg`bifcg`baflflf`bdfegmfmfig`bcgdgegffff`bjbobSceidgdndaddeeebeedceoeddedcdldoebdedgdidndSddedcdldadbeedoeceidgdndaddeeebeedhbmdjeffbgofmfbdodfdibSddedcdldadbeedoeceidgdndaddeeebeedhbmdjeffbgofmfedodfdib
+ddedcdldadbeedoeceidgdndaddeeebeedhbmdjeffbgofmfce`cibSceidgdndaddeeebeedceoeddedcdldoeedndddSSceidgdndaddeeebeedceoeddedfdoebdedgdidndSddedfdidndedoeceidgdndaddeeebeedhbmdjeffbgofmfbdodfdlb`b`b`b`b`b`b`bbb`cjcdcdfecafec`c`c`c`cbc`c`c`c`c`c`c`cdc`c`c`cff`c`cffffffff`c`c`c`cbbib
+ddedfdidndedoeceidgdndaddeeebeedhbmdjeffbgofmfedodfdlb`bbbedodfdmbecdcdcjcdcdfecafec`c`c`c`cbc`c`c`c`c`c`c`cdc`c`c`cff`c`cffffffff`c`c`c`cbbibSddedfdidndedoeceidgdndaddeeebeedhbmdjeffbgofmfce`clb`b`b`b`b`bbbce`ckb`cjcdcdfecafec`c`c`c`cbc`c`c`c`c`c`c`cdc`c`c`cff`c`cffffffff`c`c`c`cbbib
+ceidgdndaddeeebeedceoeedndddSS`eedoeeend`eadcdkdedbeoeddedcdldadbeedSSbfofoflf`blfofgfifcfaflfoedgbgifgfgfefbghbfgofifdfibSkgSbgefdgegbgnf`bmfafdgcfhfefcghbceifgfnfafdgegbgefcgnbmdjeffbgofmfbdodfdib`bfbfb`bmfafdgcfhfefcghbceifgfnfafdgegbgefcgnbmdjeffbgofmfedodfdib`bfbfb`bmfafdgcfhfefcghbceifgfnfafdgegbgefcgnbmdjeffbgofmfce`cibkc
+mgSobjb`bddegmfmfig`bcgdgegffff`befnfdfcg`bhfefbgef`bjbobSSifnfdg`befnfdgbgig`gofifnfdghbib`bkgSobob`bgdefdg`bdghfef`befnfdgbgig`b`gofifnfdg`bodfdfdceeddeSegifnfdgccbcoedg`bef`g`bmc`bgfefdgednfdgbgig`eofifnfdghbibkc
+dfefbfeggfhbbbed`ejc`bbbibkc`bdfefbfeggfhbef`gibkcSSobob`bmdoffgef`bdgof`bdghfef`befnfdgbgig`b`gofifnfdg`bofffffcgefdg`bifnf`bdghfef`bffiflfefScgefefkfhbef`glb`bceededkdoeceeddeibkc
+Sobjb`bhdefbgef`bggef`blfofofkf`bffofbg`bmfoffg`befbfhglb`bfgaflfegefSdehfef`bdfifcgafcgcgefmfbflfefbg`bifcg`bhfofggeffgefbg`bnfofdg`bigefdg`bifnfdgefgfbgafdgefdf`bifnf`bdghfef`bbfcf`bcgof`bffofbg`bnfofgg`bggef`bcfhfefcfkf
+mfafnfegaflflfig`bifff`bifdggbcg`baf`bmfoffgnb`bidnf`bhfefhg`bifdg`bcghfofeglfdf`bbfef`bbfbfccccbcbcacac`c`c`bffofbg`bmfoffg`befbfhglb`b`c`cacacbcbccccc`bSdghfafdg`bifcg`bec`bbfigdgefcg`boffgefbgaflflfnb
+jbobSobob`bmdafkfef`bbgofofmf`bffofbg`bdghfef`bec`bbfigdgefcg`bdgof`bbfef`bbgefafdfSegifnfdghcoedg`bffifbgcgdgoeof`gkeecmekcSobob`bbeefafdf`bec`bbfigdgefcgSifffhbbgefafdfhbffifbgcgdgoeof`glb`becibabmcecib`bkg
+dfefbfeggfhbbbcdofeglfdfnfgbdg`bbgefafdf`bec`bbfigdgefcg`b`ded`elenfbbibkcSbgefdgegbgnf`b`ckcSmgSSobob`bcdhfefcfkf`bifff`bdghfef`bffifbgcgdg`bbfigdgef`bhbafkfaf`bffifbgcgdgoeof`gke`cmeib`bifcg`bbfbf
+ifffhbffifbgcgdgoeof`gke`cme`babmc`b`chgbfbfib`bkgSdfefbfeggfhbbbndof`bgbmfoffg`befbfhglb`bcfig`ghfefbgdgefhgdggb`bffofegnfdf`bafdg`befnfdgbgig`gofifnfdglenfbbibkc
+bgefdgegbgnf`b`ckcSmgSSobob`bdeafkfef`bdghfef`bafbggfegmfefnfdg`bofff`bmfoffg`befbfhglb`bnbnbnb`bgghfifcfhf`bifcg`bdghfef`bfead`bofff`bdghfef`bcfig`ghfefbgdgefhgdg
+egifnfdgccbcoedg`bfgafoeofffoecfig`ghfefbgdgefhgdg`bmc`bcflfifoebgefafdfifnfdgccbchbhbegifnfdgccbcoedg`bjbibhbffifbgcgdgoeof`gkbacibibkcSdfefbfeggfhbbbfead`bofff`bcfig`ghfefbgdgefhgdg`bifcg`bbbibkcdfefbfeggfhbfgafoeofffoecfig`ghfefbgdgefhgdgibkc
+Sobob`bmdafkfef`bdghfef`bfead`bafnf`bbefead`bmb`bdghfafdg`bifcg`bcgegbfdgbgafcfdg`bdghfef`bifmfafgfefbfafcgef`bffbgofmf`bifdgSegifnfdgccbcoedg`bbgfgafoeofffoecfig`ghfefbgdgefhgdg`bmc`bfgafoeofffoecfig`ghfefbgdgefhgdg`bmb`b`boeoecflfafmfbfcfoe`gefdfafdgafnbof`gdgccbcnbidmfafgfefbdafcgefkc
+dfefbfeggfhbbbbefead`bofff`bcfig`ghfefbgdgefhgdg`bifcg`bbbibkcdfefbfeggfhbbgfgafoeofffoecfig`ghfefbgdgefhgdgibkcSSobob`bdeegbgnf`bdghfef`bbefead`bofff`bdghfef`bcfig`ghfefbgdgefhgdg`bifnfdgof`baf`bffiflfef`bhbbgafggib`bofffffcgefdg
+egifnfdgccbcoedg`bofffffcgefdgoeofffoecfig`ghfefbgdgefhgdg`bmc`b`gefoebgafggafdfdfbghbbgfgafoeofffoecfig`ghfefbgdgefhgdgibkcSSobob`bidff`bdghfef`bofffffcgefdg`bifcg`bbfafdflb`bbfafiflf`bofegdg
+ifffhbofffffcgefdgoeofffoecfig`ghfefbgdgefhgdg`bmcmc`b`eedoeidndfeadldidddoebefeadib`bkgSdfefbfeggfhbbbcdafnfgbdg`blfofcfafdgef`bdghfef`b`ghfifcgifcfaflf`bofffffcgefdg`bofff`bdghfef`bcfig`ghfefbgdgefhgdgbbibkc
+bgefdgegbgnf`b`ckcSmgSdfefbfeggfhbbbcdig`ghfefbgdgefhgdg`bcgdgafbgdgcg`bafdg`bbbibkcdfefbfeggfhbofffffcgefdgoeofffoecfig`ghfefbgdgefhgdgibkcSSobob`bmdoffgef`bdgof`bdghfef`bcfig`ghfefbgdgefhgdg`bifnf`bdghfef`bffiflfef
+cgefefkfhbofffffcgefdgoeofffoecfig`ghfefbgdgefhgdglb`bceededkdoeceeddeibkcSSobob`bmdafkfef`bbgofofmf`bffofbg`bdghfef`bcfig`ghfefbgdgefhgdg`bdgof`bbfef`bbgefafdf`bmb`bac`c`bbfigdgefcg`bdghfafdg`bifcg`bbbhdedldldod`bgeodbemdbb`b`glfegcg`bofnfef`bbfigdgef`bffofbg`bdghfef`bdgefbgmfifnfafdgofbg
+egifnfdghcoedg`bcfig`ghfefbgdgefhgdgkeacacmekcSSobob`bbeefafdf`bdghfef`bcfig`ghfefbgdgefhgdg`bffbgofmf`bffiflfef`bifnfdgof`bbbcfig`ghfefbgdgefhgdgbbSifffhbbgefafdfhbcfig`ghfefbgdgefhgdglb`bac`cibabmcac`cib`bkg
+dfefbfeggfhbbbcdafnfgbdg`bbgefafdf`bac`c`bbfigdgefcg`bofff`bcfig`ghfefbgdgefhgdglenfbbibkcSbgefdgegbgnf`b`ckcSmgSobob`bdehfef`bbbdfefcfbgig`gdgifofnfbb`blfofof`g`bmb`bdgegbgnfcg`bdghfef`bcfig`ghfefbgdgefhgdg`bifnfdgof`b`glfafigifnfdgefhgdg
+egifnfdghcoedg`bcfegbgbgefnfdgoe`gofcgifdgifofnflb`bkfefig`bmc`b`chgbcickcSffofbghbcfegbgbgefnfdgoe`gofcgifdgifofnfmc`ckc`bcfegbgbgefnfdgoe`gofcgifdgifofnflcac`ckc`bcfegbgbgefnfdgoe`gofcgifdgifofnfkbkbib`bkg
+egifnfdghcoedg`bifnf`bmc`bcfig`ghfefbgdgefhgdgkecfegbgbgefnfdgoe`gofcgifdgifofnfmekcSkfefigkbkbkcScfig`ghfefbgdgefhgdgkecfegbgbgefnfdgoe`gofcgifdgifofnfme`bnemc`bkfefigkc
+kfefig`bmc`bcfig`ghfefbgdgefhgdgkecfegbgbgefnfdgoe`gofcgifdgifofnfmekcSmgSSobob`bcdofmf`gafbgef`bdghfef`bhbnfofggib`b`glfafifnfdgefhgdg`bggifdghf`bdghfef`bbgefffefbgefnfcfef`bhbbbhdedldldod`bgeodbemdbbib
+ifffhbabmfefmfcfmf`ghbcfig`ghfefbgdgefhgdglb`bbbhdedldldod`bgeodbemdbblb`bac`cibib`bkgScfig`ghfefbgdgefhgdgkeac`cme`bmc`b`ckc`bobob`baddfdf`baf`bcgdgbgifnfgf`bdgefbgmfifnfafdgofbg
+dfefbfeggfhbhbcfhfafbg`bjbibcfig`ghfefbgdgefhgdgibkc`bobob`b`ebgifnfdg`bifdglb`bjfegcgdg`bffofbg`bffegnfSffofegnfdffeifbgegcghbbbcdlfafmfadfembdeefcgdgmbfdiflfefmbdfefdgefcfdgefdfmbfgifafmbbfigdgefcfofdfefbbibkc`bobob`bceefdg`bdghfef`bfgifbgegcg`bnfafmfefab
+mgSbgefdgegbgnf`b`ckcSmgSSSS
\ No newline at end of file

-- 
Debian repository for ClamAV

More information about the Pkg-clamav-commits mailing list