|
|
access violation in cli_bm_scanbuff: msg#00009security.virus.clamav.devel
Hi, I just recompiled ClamAV 0.87.1 under OS/2, and I discovered a file able to crash the function in the subject. Debugging code, showed that at some point in cli_scandesc() (matcher.c) at line #292 while((bytes=...) only 21020 bytes are read from file. At this time length=98538, so at line 298 the result is -115514. Then cli_bm_scanbuff() is called, but here the length parameter is declared as unsigned int instead of integer, so length became a very high value. I don't understand if length should be negative or reset to zero, so I'm posting here. The file is available on request. TIA, Yuri Dario _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | ClamAV infinite loop: 00009, Brian Bebeau |
|---|---|
| Next by Date: | Re: access violation in cli_bm_scanbuff: 00009, Tomasz Kojm |
| Previous by Thread: | ClamAV infinite loopi: 00009, Brian Bebeau |
| Next by Thread: | Re: access violation in cli_bm_scanbuff: 00009, Tomasz Kojm |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |