[Clamav-devel] Segfault in libclamav (0.91.2)

2007-09-04 Thread Gregory Nietsky


Greetings all ...

Here is a regression fix to a bug causing a segfault on some files ...

The trick might be to check for dcur+unp_offset+i<0 as well as unp_offset >=0

Here is a BT 

#0  upx_inflate2b (src=0x9b4e15d "", ssize=2539, dst=0x9b1a148 "",
dsize=0xbfa1d5a8, upx0=45056, upx1=49152, ep=38875) at upx.c:344
344 upx.c: No such file or directory.
in upx.c

#0  upx_inflate2b (src=0x9b4e15d "", ssize=2539, dst=0x9b1a148 "",
dsize=0xbfa1d5a8, upx0=45056, upx1=49152, ep=38875) at upx.c:344
backbytes = 
unp_offset = -33553921
backsize = 
myebx = 671121408
scur = 19
dcur = 5
i = 0
magic = {264, 272, 213, 0}
oob = 

unp_offset seems to misbehave ...


diff -ur clean/clamav-0.91.2/libclamav/upx.c clamav-0.91.2/libclamav/upx.c
--- clean/clamav-0.91.2/libclamav/upx.c 2007-07-13 11:34:03.0 +0200
+++ clamav-0.91.2/libclamav/upx.c   2007-09-04 13:52:42.0 +0200
@@ -340,8 +340,11 @@

 if (!CLI_ISCONTAINED(dst, *dsize, dst+dcur+unp_offset, backsize) ||
!CLI_ISCONTAINED(dst, *dsize, dst+dcur, backsize) || unp_offset >=0)
   return -1;
-for (i = 0; i < backsize; i++)
+for (i = 0; i < backsize; i++) {
+  if (dcur+i<0 || dcur+i>=*dsize || dcur+unp_offset+i<0 ||
dcur+unp_offset+i>=*dsize)
+ return -1;
   dst[dcur + i] = dst[dcur + unp_offset + i];
+}
 dcur+=backsize;
   }
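Review bot: the per-byte test added inside the loop is redundant with the two CLI_ISCONTAINED tests and the `unp_offset >=0` test directly above it, which already reject a write range [dcur, dcur+backsize) or a read range [dcur+unp_offset, dcur+unp_offset+backsize) that falls outside dst; if those tests are correct the new test can never fire, and if they are being miscompiled it only adds four comparisons per copied byte to paper over that. Note also that `dst+dcur+unp_offset` is formed before the macro compares it, and with the unp_offset = -33553921 shown in the backtrace that pointer lies far outside dst, which is undefined pointer arithmetic in C. If a belt-and-braces check is wanted, do it once, on integers, before any pointer is formed, roughly `if (unp_offset >= 0 || -unp_offset > dcur || backsize > *dsize - dcur) return -1;` (types permitting), and leave the copy loop body as it was.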


___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
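The copy at upx.c:344 is an LZ-style back-reference: `backsize` bytes are copied from `dst[dcur + unp_offset]` (a negative offset) to `dst[dcur]`, byte by byte so overlapping runs work. Below is an added example, not ClamAV's code, of how such a copy is bounds-checked with all range arithmetic done on integers before any pointer is formed, so an out-of-range offset like the -33553921 in the backtrace is rejected without ever computing an out-of-bounds pointer. It generalises the check to arbitrarily large negative offsets (including INT64_MIN) and to writes running past the end of the buffer. The function name `backref_copy`, its parameter types and the sample buffer are assumptions for the example.

```c
/*
 * Added example (not ClamAV code): bounds-checked LZ-style back-reference
 * copy, the operation performed at upx.c:344 in the thread above. The real
 * upx_inflate2b also parses the UPX stream; only the copy step is shown.
 * All range checks are done on integers *before* any pointer is formed, so
 * an expression like dst+dcur+unp_offset is never evaluated out of bounds
 * (pointer arithmetic outside the object is undefined behaviour in C).
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copy backsize bytes from dst[dcur + unp_offset] to dst[dcur], byte by byte
 * so that overlapping (run-length) references work, as in the original loop.
 * unp_offset must be negative (a back-reference). Returns 0 on success and
 * -1 if any byte read or written would fall outside dst[0..dsize). */
static int backref_copy(uint8_t *dst, size_t dsize, size_t dcur,
                        int64_t unp_offset, size_t backsize)
{
    if (unp_offset >= 0)                  /* a forward "back"-reference is bogus */
        return -1;

    /* write range [dcur, dcur+backsize) must fit: checked without overflow */
    if (dcur > dsize || backsize > dsize - dcur)
        return -1;

    /* |unp_offset| computed so that INT64_MIN does not overflow on negation */
    uint64_t back = (uint64_t)(-(unp_offset + 1)) + 1;

    /* read start dcur-back must be >= 0; the read range then ends before
     * dcur+backsize, which is already known to be <= dsize */
    if (back > dcur)
        return -1;

    size_t src = dcur - (size_t)back;
    for (size_t i = 0; i < backsize; i++)  /* byte-wise: overlap is intended */
        dst[dcur + i] = dst[src + i];
    return 0;
}

/* Demonstration on a constructed 16-byte buffer (assumed sample data).
 * Returns how many of the six checks behaved as expected. */
static int demo(void)
{
    uint8_t buf[16] = "abcd";             /* rest of buffer is zero-filled */
    int ok = 0;

    /* plain back-copy: repeat the first four bytes */
    ok += backref_copy(buf, sizeof buf, 4, -4, 4) == 0 &&
          memcmp(buf, "abcdabcd", 8) == 0;
    /* overlapping run: offset -1 replicates the last byte three times */
    ok += backref_copy(buf, sizeof buf, 8, -1, 3) == 0 &&
          memcmp(buf, "abcdabcdddd", 11) == 0;
    /* the offset from the backtrace (dcur=5, unp_offset=-33553921): rejected */
    ok += backref_copy(buf, sizeof buf, 5, -33553921, 1) == -1;
    /* non-negative offset: rejected */
    ok += backref_copy(buf, sizeof buf, 8, 0, 1) == -1;
    /* write would run past the end of dst: rejected */
    ok += backref_copy(buf, sizeof buf, 12, -4, 5) == -1;
    /* most negative offset does not overflow the magnitude check */
    ok += backref_copy(buf, sizeof buf, 8, INT64_MIN, 1) == -1;
    return ok;
}

int main(void)
{
    int ok = demo();
    printf("%d of 6 checks behaved as expected\n", ok);
    return ok == 6 ? 0 : 1;
}
```

The point of ordering the checks this way is that each test only reads values already proven in range: the write range is validated against `dsize` first, and the read start is validated as an unsigned magnitude against `dcur`, so neither a huge negative offset nor a large `backsize` can wrap an intermediate value.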


Re: [Clamav-devel] Segfault in libclamav (0.91.2)

2007-09-04 Thread aCaB
Gregory Nietsky wrote:
> 
> Greetings all ...
> 
> Here is a regression fix to a bug causing a segfault on some files ...
> 
> The trick might be to check for dcur+unp_offset+i<0 as well as unp_offset

Hi Gregory,

Looks to me like a compiler bug.
If you're using gcc 4.1.0 do yourself a favour and upgrade to at least
4.1.1.

Please see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613

If it's not the case, please provide us with a sample.

Thanks,
-aCaB


Re: [Clamav-devel] Segfault in libclamav (0.91.2)

2007-09-04 Thread Gregory Nietsky
Thank you, I'll try a different compiler and report back. I am using 4.1.0 ATM;
ain't had any problems till now, but it is time to upgrade ...

TTFN

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of aCaB
Sent: 04 September 2007 06:08 PM
To: ClamAV Development
Subject: Re: [Clamav-devel] Segfault in libclamav (0.91.2)

Gregory Nietsky wrote:
> 
> Greetings all ...
> 
> Here is a regression fix to a bug causing a segfault on some files ...
> 
> The trick might be to check for dcur+unp_offset+i<0 as well as unp_offset

Hi Gregory,

Looks to me like a compiler bug.
If you're using gcc 4.1.0 do yourself a favour and upgrade to at least
4.1.1.

Please see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613

If it's not the case, please provide us with a sample.

Thanks,
-aCaB

--
This message has been scanned for viruses and
dangerous content by Superset Technology, and 
is believed to be clean.
http://www.superset.co.za




Re: [Clamav-devel] Segfault in libclamav (0.91.2)

2007-09-04 Thread Gregory Nietsky
Ah well, that was a few hours of fun :) At least I learnt something.

I got a new gcc (4.2.1) and all seems well again (feel like a bit of a twit)

Thx for the help.

TTFN

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of aCaB
Sent: 04 September 2007 06:08 PM
To: ClamAV Development
Subject: Re: [Clamav-devel] Segfault in libclamav (0.91.2)

Gregory Nietsky wrote:
> 
> Greetings all ...
> 
> Here is a regression fix to a bug causing a segfault on some files ...
> 
> The trick might be to check for dcur+unp_offset+i<0 as well as unp_offset

Hi Gregory,

Looks to me like a compiler bug.
If you're using gcc 4.1.0 do yourself a favour and upgrade to at least
4.1.1.

Please see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613

If it's not the case, please provide us with a sample.

Thanks,
-aCaB





Re: [Clamav-devel] Segfault in libclamav (0.91.2)

2007-09-05 Thread Sergey
On Tuesday 04 September 2007, aCaB wrote:

> Looks to me like a compiler bug.
> If you're using gcc 4.1.0 do yourself a favour and upgrade to at least
> 4.1.1.
> 
> Please see https://wwws.clamav.net/bugzilla/show_bug.cgi?id=613

Is this the gcc 4.1.0 bug only? What about 3.4.4 and 3.3.3?

-- 
Regards,
Sergey


Re: [Clamav-devel] Segfault in libclamav (0.91.2)

2007-09-06 Thread aCaB
Sergey wrote:
> Is this the gcc 4.1.0 bug only ? What about 3.4.4 and 3.3.3 ?

Hi Sergey,
no other reports so far, besides 4.1.0 which is b0rked and will likely
be blacklisted starting from the next release.
It's unfortunate that some distro has got it installed by default.

-aCaB