[Pkg-clamav-devel] Bug#750075: clamav: Wrong declaration of function destroy_ctx to cause undefined behaviour

Michael Tautschnig mt at debian.org
Sun Jun 1 10:34:14 UTC 2014 

Package: clamav
Version: 0.98.4~rc1+dfsg-2
Usertags: goto-cc
Tags: upstream
Forwarded: https://bugzilla.clamav.net/show_bug.cgi?id=11023

During a rebuild of all Debian packages in a clean sid chroot (using cowbuilder
and pbuilder) the build failed with the following error. Please note that we
use our research compiler tool-chain (using tools from the cbmc package), which
permits extended reporting on type inconsistencies at link time.

[...]
libtool: link: gcc -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,-z -Wl,relro -o .libs/sigtool output.o getopt.o optparser.o misc.o cdiff.o tar.o vba.o sigtool.o  -L/usr/lib -lssl -lcrypto ../libclamav/.libs/libclamav.so -lz -lresolv -lpthread

error: conflicting function declarations "destroy_ctx"
old definition in module vba file vba.c line 94
void (signed int desc, struct cli_ctx_tag *ctx)
new definition in module sigtool file vba.h line 28
void (struct cli_ctx_tag *)

reason for conflict:
parameter counts differ (2/1)
Makefile:558: recipe for target 'sigtool' failed
make[3]: *** [sigtool] Error 64
make[3]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-clamav/clamav-0.98.4~rc1+dfsg/sigtool'
Makefile:713: recipe for target 'check-recursive' failed
make[2]: *** [check-recursive] Error 1
make[2]: Leaving directory '/srv/jenkins-slave/workspace/sid-goto-cc-clamav/clamav-0.98.4~rc1+dfsg'
dh_auto_test: make -j1 check V=1 returned exit code 2
debian/rules:164: recipe for target 'override_dh_auto_test' failed
make[1]: *** [override_dh_auto_test] Error 2

The declaration of destroy_ctx here

http://sources.debian.net/src/clamav/0.98.4~rc1+dfsg-2/sigtool/vba.h?hl=28#L28

is inconsistent with the actual definition here:

http://sources.debian.net/src/clamav/0.98.4~rc1+dfsg-2/sigtool/vba.c?hl=94#L94

Thus any use of sigtool with vba or vba-hex will result in a crash because of
this:

http://sources.debian.net/src/clamav/0.98.4~rc1+dfsg-2/sigtool/sigtool.c?hl=1533,1538#L1533

Best,
Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 859 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20140601/6a2dc978/attachment.sig>

More information about the Pkg-clamav-devel mailing list