Hi,

I just recompiled ClamAV 0.87.1 under OS/2, and I discovered a file 
able to crash the function in the subject.

Debugging code showed that at some point in cli_scandesc() 
(matcher.c) at line #292

        while((bytes=...)

only 21020 bytes are read from file. At this time length=98538, so at 
line 298 the result is -115514.
Then cli_bm_scanbuff() is called, but here the length parameter is 
declared as unsigned int instead of integer, so length becomes a very 
high value.

I don't understand if length should be negative or reset to zero, so 
I'm posting here.

The file is available on request.

TIA,

Yuri Dario


_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
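
The signed-to-unsigned conversion described in the message, as an added example that is not part of the original post and is not ClamAV's code. The names scan_buf, length_seen_by_callee and checked_scan are hypothetical, the buffer is constructed, and rejecting the bad length is one possible handling assumed here, not the project's fix.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a matcher whose length parameter is unsigned,
 * as in the message. Counts occurrences of pat in buf[0..length). */
static unsigned int scan_buf(const unsigned char *buf, unsigned int length,
                             const char *pat)
{
    size_t plen = strlen(pat);
    unsigned int hits = 0;

    if (plen == 0 || length < plen)
        return 0;
    for (unsigned int i = 0; i + plen <= length; i++)
        if (memcmp(buf + i, pat, plen) == 0)
            hits++;
    return hits;
}

/* The length the callee would see if a signed value were passed unchecked:
 * the int is converted modulo UINT_MAX + 1. */
static unsigned int length_seen_by_callee(int length)
{
    return (unsigned int)length;
}

/* Caller-side guard (assumed handling): validate the signed length against
 * the bytes actually held in the buffer before any conversion happens.
 * Returns the hit count, or -1 if the length is unusable. */
static long checked_scan(const unsigned char *buf, size_t bytes_in_buf,
                         long length, const char *pat)
{
    if (length < 0 || (unsigned long)length > UINT_MAX ||
        (unsigned long)length > bytes_in_buf)
        return -1;
    return (long)scan_buf(buf, (unsigned int)length, pat);
}

int main(void)
{
    /* Constructed sample buffer; -115514 is the value reported above. */
    static const unsigned char sample[] = "xxSIGxxSIGxx";
    printf("callee would see %u\n", length_seen_by_callee(-115514));
    printf("bad length  -> %ld\n", checked_scan(sample, 12, -115514, "SIG"));
    printf("good length -> %ld\n", checked_scan(sample, 12, 12, "SIG"));
    return 0;
}
```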
