[Pkg-clamav-devel] Bug#773318: Bug#773041: Bug#773318: clamav dies/hangs
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Mon Dec 22 21:52:03 UTC 2014
On 2014-12-22 02:52:02 [+0100], Marc Dequènes (duck) wrote:
> I can upload this simple fix quickly, nevertheless I did not have time to
> proofread it. Any comment?
I plan to add the following patch to clamav. I added a small comment
why we have the busy loop there. So far it looks like a good idea. The
only problem is that we need off_t being 64bit (LFS) or it won't work
on 32bit. No problem on Debian side…
I added upstream on CC hoping that they will take this or do something
about it :)
If nobody objects, I push this tomorrow into the clamav repo.
From 9041fefc0d48aa3c307baa20c5cc4b7eceafe616 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
Date: Mon, 22 Dec 2014 22:10:47 +0100
Subject: [PATCH] make frame_end off_t
Debian bts #773041, #772891 contain a report of a .cab file which
causes an endless loop.
Eric Sharkey diagnosed the problem as frame_end is 32bit and overflows
and as a result the loop makes no progress. He also added that making
it off_t (and so 64bit with LFS) fixes the problem.
The problem seems to be that after the overflow, window_posn is larger than
frame_end and therefore we never enter the loop to make progress. But we
still have out_bytes >0 so we don't leave the outer loop either.
This patch is based on Eric Sharkey's comments.
Signed-off-by: Sebastian Andrzej Siewior <sebastian at breakpoint.cc>
---
mspack/qtmd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mspack/qtmd.c b/mspack/qtmd.c
index 12b27f5608c4..6e1640579119 100644
--- a/mspack/qtmd.c
+++ b/mspack/qtmd.c
@@ -253,7 +253,8 @@ struct qtmd_stream *qtmd_init(struct mspack_system *system,
}
int qtmd_decompress(struct qtmd_stream *qtm, off_t out_bytes) {
- unsigned int frame_todo, frame_end, window_posn, match_offset, range;
+ unsigned int frame_todo, window_posn, match_offset, range;
+ off_t frame_end;
unsigned char *window, *i_ptr, *i_end, *runsrc, *rundest;
int i, j, selector, extra, sym, match_length;
unsigned short H, L, C, symf;
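Review bot: the new `off_t frame_end;` declaration only widens frame_end when the build has a 64-bit off_t, so a 32-bit build without LFS keeps the 32-bit wraparound and the endless loop described in the commit message. Consider a fixed-width 64-bit type here, or a compile-time check that off_t is 8 bytes, so the fix does not depend on build flags. frame_todo and window_posn stay unsigned int on the line above, and frame_end is now signed, so every expression that assigns frame_end into them or compares them with it should be checked for truncation and signed/unsigned mixing. The cover mail mentions a comment explaining the loop, but this hunk only changes the declarations; a short comment next to `off_t frame_end;` saying why it must be wider than window_posn would keep it from being narrowed again later.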
--
2.1.3
Sebastian
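The stall described in the commit message above, as an added example that is not part of the original mail and not code from ClamAV or libmspack: a simplified model of the loop shape that computes frame_end once in 32-bit unsigned arithmetic and once in 64 bits. The names decode_model, FRAME_SIZE and WINDOW_SIZE, their values, and the explicit stall check are assumptions made for the model.

```c
#include <stdint.h>
#include <stdio.h>

#define FRAME_SIZE  32768u        /* assumed frame length for this model */
#define WINDOW_SIZE (1u << 21)    /* assumed window size for this model  */

/*
 * Simplified model of the loop shape in the commit message, not qtmd.c itself.
 * wide == 0: frame_end computed in 32-bit unsigned arithmetic (before the patch)
 * wide == 1: frame_end computed in 64 bits (off_t with LFS, after the patch)
 * Returns bytes produced, or -1 when an outer pass makes no progress
 * (the loop described in the mail has no such check and would spin forever).
 */
static int64_t decode_model(uint32_t window_posn, int64_t out_bytes, int wide)
{
    int64_t produced = 0;

    while (out_bytes > 0) {
        uint32_t end32 = window_posn + (uint32_t)out_bytes; /* wraps mod 2^32 */
        int64_t  end64 = (int64_t)window_posn + out_bytes;  /* no wrap */
        int64_t  frame_end = wide ? end64 : (int64_t)end32;
        int64_t  limit = (int64_t)window_posn + FRAME_SIZE;

        if (frame_end > limit)
            frame_end = limit;            /* decode at most one frame per pass */

        if ((int64_t)window_posn >= frame_end)
            return -1;                    /* inner loop skipped, out_bytes unchanged */

        int64_t step = frame_end - window_posn;
        produced  += step;
        out_bytes -= step;
        window_posn = (uint32_t)((window_posn + step) % WINDOW_SIZE);
    }
    return produced;
}

int main(void)
{
    int64_t big = 0xFFFFFFF0LL;  /* constructed output size just under 4 GiB */
    printf("32-bit frame_end: %lld\n", (long long)decode_model(0x20, big, 0));
    printf("64-bit frame_end: %lld\n", (long long)decode_model(0x20, big, 1));
    return 0;
}
```

For small out_bytes both variants behave the same; the difference appears only once window_posn + out_bytes reaches 2^32.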