* Scott Kitterman | 2014-05-31 12:42:26 [-0400]: >That also resulted in a stack of conflicts when I pulled from Alioth that I git reset --hard origin/wheezy should fix this. >don't have time to sort out right now. Please make a debdiff and attach it to >the bug.
No problem. >Scott K Sebastian
diff -Nru clamav-0.98.1+dfsg/debian/changelog clamav-0.98.1+dfsg/debian/changelog --- clamav-0.98.1+dfsg/debian/changelog 2014-05-31 21:00:42.000000000 +0200 +++ clamav-0.98.1+dfsg/debian/changelog 2014-05-31 21:00:43.000000000 +0200 @@ -1,3 +1,11 @@ +clamav (0.98.1+dfsg-1+deb7u4) UNRELEASED; urgency=medium + + * cherry pick upstream patches to fix a crash while using clamscan. Added + patches: c6f5ef98d ("bb #10970 - Force a filesize limit of UINT_MAX - 2") + and 99ee2138c ("Key off INT_MAX") (Closes: #749715). + + -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc> Fri, 30 May 2014 20:46:42 +0200 + clamav (0.98.1+dfsg-1+deb7u3) stable; urgency=medium [ Sebastian Andrzej Siewior ] diff -Nru clamav-0.98.1+dfsg/libclamav/scanners.c clamav-0.98.1+dfsg/libclamav/scanners.c --- clamav-0.98.1+dfsg/libclamav/scanners.c 2014-01-13 18:02:34.000000000 +0100 +++ clamav-0.98.1+dfsg/libclamav/scanners.c 2014-05-31 21:00:43.000000000 +0200 @@ -3107,6 +3107,19 @@ { cli_ctx ctx; int rc; + STATBUF sb; + + /* We have a limit of around 2.17GB (INT_MAX - 2). Enforce it here. */ + if (map != NULL) { + if ((size_t)(map->real_len) > (size_t)(INT_MAX - 2)) + return CL_CLEAN; + } else { + if (FSTAT(desc, &sb)) + return CL_ESTAT; + + if ((size_t)(sb.st_size) > (size_t)(INT_MAX - 2)) + return CL_CLEAN; + } memset(&ctx, '\0', sizeof(cli_ctx)); ctx.engine = engine;