On Thu, 17 Nov 2005 22:43:43 +0000 (UTC) "Yuri Dario" <[EMAIL PROTECTED]> wrote:
> Hi, > > I just recompiled ClamAV 0.87.1 under OS/2, and I discovered a file > able to crash the function in the subject. > > Debugging code, showed that at some point in cli_scandesc() > (matcher.c) at line #292 > > while((bytes=...) > > only 21020 bytes are read from file. At this time length=98538, so at > line 298 the result is -115514. > Then cli_bm_scanbuff() is called, but here the length parameter is > declared as unsigned int instead of integer, so length became a very > high value. > > I don't understand if length should be negative or reset to zero, so > I'm posting here. > > The file is available on request. Please send a bug report to bugs*clamav.net following these instructions: http://www.clamav.net/bugs.html#pagestart -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Mon Nov 21 19:17:02 CET 2005
signature.asc
Description: PGP signature
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html