[Pkg-clamav-devel] Bug#774725: libmspack: CHM decompression: division by zero

Jakub Wilk jwilk at debian.org
Tue Jan 6 20:18:17 UTC 2015


Package: libmspack0
Version: 0.4-2
Severity: grave
Tags: security patch
Usertags: afl

libmspack crashes with SIGFPE on the attached CHM file:

$ gpg -d < sigfpe.chm.asc > sigfpe.chm
$ test/chmd_md5 sigfpe.chm
*** sigfpe.chm
d41d8cd98f00b204e9800998ecf8427e /#ITBITS
Floating point exception

Backtrace:
#0  0x5655d37b in __divdi3 ()
#1  0x56559ebb in chmd_init_decomp (file=0x56563378, self=0x56562008) at mspack/chmd.c:1132
#2  chmd_extract (base=0x56562008, file=0x56563378, filename=0x0) at mspack/chmd.c:996
#3  0x56555c40 in main (argc=2, argv=0xffffd888) at test/chmd_md5.c:44

This bug does affect ClamAV.

The attached patch should fix the problem. (But I'm not familiar with 
the code base, so please double-check it.)

This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl


-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libmspack0 depends on:
ii  libc6              2.19-13
ii  multiarch-support  2.19-13

-- 
Jakub Wilk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-division-by-zero.diff
Type: text/x-diff
Size: 302 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-clamav-devel/attachments/20150106/bcf8a0d5/attachment.diff>