Re: access violation in cli_bm_scanbuff

On Thu, 17 Nov 2005 22:43:43 +0000 (UTC)
"Yuri Dario" <warp@xxxxxxxxxxxx> wrote:

> Hi,
> 
> I just recompiled ClamAV 0.87.1 under OS/2, and I discovered a file 
> able to crash the function in the subject.
> 
> Debugging code, showed that at some point in cli_scandesc() 
> (matcher.c) at line #292
> 
>       while((bytes=...)
> 
> only 21020 bytes are read from file. At this time length=98538, so at 
> line 298 the result is -115514.
> Then cli_bm_scanbuff() is called, but here the length parameter is 
> declared as unsigned int instead of integer, so length became a very 
> high value.
> 
> I don't understand if length should be negative or reset to zero, so 
> I'm posting here.
> 
> The file is available on request.

Please send a bug report to bugs*clamav.net following these
instructions: http://www.clamav.net/bugs.html#pagestart

-- 
   oo    .....         Tomasz Kojm <tkojm@xxxxxxxxxx>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Mon Nov 21 19:17:02 CET 2005

signature.asc
Description: PGP signature

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html