Ladar Levison wrote:
> I've been having a problem with libclamav segfaulting. And since it's linked
> into my mail server code (on lavabit.com), it's been taking down the server.

Please open a bug report and attach the sample, so we can have a look.

> I've taken the temporary step of disabling OLE2 scanning, but would like to
> track down the bug. It appears to be a recursion issue. My suggested patch
> would be to add rec_level+1 to lines 555, 557 and 559 of ole2_extract.c

Increasing recursion level for each file is not the best solution; it will severely limit the number of files scanned in an ole2 container.

> , but am curious to hear someone else's opinion.
>

Attachments don't come through the mailing list.

> Here's a backtrace from the core dump:
>
> Program terminated with signal 11, Segmentation fault.
> #0 0x00a8a230 in vfprintf () from /lib/tls/libc.so.6
> (gdb) bt
> (gdb) bt
> #0 0x00a8a230 in vfprintf () from /lib/tls/libc.so.6
> #1 0x00aa59cb in vsprintf () from /lib/tls/libc.so.6
> #2 0x00a92d4b in sprintf () from /lib/tls/libc.so.6
> #3 0x0032cc74 in handler_writefile (fd=81, hdr=0x6d1730, prop=0x6ba920,
>    dir=0xab761280 "/home/shackd/spool/clamav//clamav-1eb05df267a94cc3032c8cd2e042c1b2")
>    at ole2_extract.c:625
> #4 0x0032c9ab in ole2_walk_property_tree (fd=81, hdr=0x6d1730,
>    dir=0xab761280 "/home/shackd/spool/clamav//clamav-1eb05df267a94cc3032c8cd2e042c1b2",
>    prop_index=184, handler=0x32cbe0 <handler_writefile>, rec_level=1,
>    file_count=0x6d16cc, limits=0x80a6900) at ole2_extract.c:546
> #5 0x0032ca0c in ole2_walk_property_tree (fd=81, hdr=0x6d1730,
>    dir=0xab761280 "/home/shackd/spool/clamav//clamav-1eb05df267a94cc3032c8cd2e042c1b2",
>    prop_index=183, handler=0x32cbe0 <handler_writefile>, rec_level=1,
>    file_count=0x6d16cc, limits=0x80a6900) at ole2_extract.c:556
>
> #156 0x0032ca0c in ole2_walk_property_tree (fd=81, hdr=0x6d1730,
>    dir=0xab761280 "/home/shackd/spool/clamav//clamav-1eb05df267a94cc3032c8cd2e042c1b2",
>    prop_index=1, handler=0x32cbe0 <handler_writefile>, rec_level=1,
>    file_count=0x6d16cc, limits=0x80a6900) at ole2_extract.c:556
> #157 0x0032ca2e in ole2_walk_property_tree (fd=81, hdr=0x6d1730,
>    dir=0xab761280 "/home/shackd/spool/clamav//clamav-1eb05df267a94cc3032c8cd2e042c1b2",
>    prop_index=0, handler=0x32cbe0 <handler_writefile>, rec_level=0,
>    file_count=0x6d16cc, limits=0x80a6900) at ole2_extract.c:558
>
> #158 0x0032d346 in cli_ole2_extract (fd=81, dirname=0xab761280
>    "/home/shackd/spool/clamav//clamav-1eb05df267a94cc3032c8cd2e042c1b2",
>    limits=0x80a6900) at ole2_extract.c:881

Looks like your stack is small. ole2_walk_property_tree uses 620 bytes of stack, so with a 1Mb stack we should have 1691 levels. But the default stacksize on Linux is 8 Mb, so we should get 13530 levels.

Can you reproduce this with clamscan/clamdscan?

> #176 0x0805dc9f in smtp_process_connection (session=0x6d9320) at
>    smtp/smtp_process_connection.c:1242
> #177 0x08063128 in worker_thread () at common/worker.c:84
> #178 0x00c403cc in start_thread () from /lib/tls/libpthread.so.0
>

You didn't say what OS you are using, but I assume it is Linux because of /lib/tls, is that right?

> #179 0x00b191ae in clone () from /lib/tls/libc.so.6
>
>

Please check the stacksize, use pthread_attr_getstacksize() on the pthread_attr_t you use to create the thread.

--Edwin
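
The stack-size check requested in the reply, as an added example that is not part of the original thread or of ClamAV: it reads the stack size from a `pthread_attr_t`, converts it to a recursion budget using the 620-byte frame figure quoted above, and creates a worker with an explicit stack size. The names `max_levels`, `attr_stack_size`, `worker` and `spawn_with_stack` are hypothetical.

```c
#include <pthread.h>
#include <stdio.h>

/* Per-call stack cost of ole2_walk_property_tree, as quoted in the reply. */
#define FRAME_BYTES 620

/* How many nested calls of frame_bytes each fit in stack_bytes. */
size_t max_levels(size_t stack_bytes, size_t frame_bytes)
{
    return frame_bytes ? stack_bytes / frame_bytes : 0;
}

/* Stack size recorded in a thread attribute object; 0 on error. */
size_t attr_stack_size(const pthread_attr_t *attr)
{
    size_t sz = 0;
    return pthread_attr_getstacksize(attr, &sz) == 0 ? sz : 0;
}

/* Hypothetical stand-in for the mail server's worker thread. */
static void *worker(void *arg) { (void)arg; return NULL; }

/* Create a worker with an explicit stack size; return the size the
 * attribute object reports, or 0 if any pthread call fails. */
size_t spawn_with_stack(size_t want_bytes)
{
    pthread_attr_t attr;
    pthread_t tid;
    size_t got = 0;
    if (pthread_attr_init(&attr) != 0)
        return 0;
    if (pthread_attr_setstacksize(&attr, want_bytes) == 0 &&
        pthread_create(&tid, &attr, worker, NULL) == 0) {
        pthread_join(tid, NULL);
        got = attr_stack_size(&attr);
    }
    pthread_attr_destroy(&attr);
    return got;
}

int main(void)
{
    pthread_attr_t attr;
    pthread_attr_init(&attr);
    size_t def = attr_stack_size(&attr);  /* size an unmodified attr yields */
    pthread_attr_destroy(&attr);
    printf("default: %zu bytes, %zu levels\n", def, max_levels(def, FRAME_BYTES));
    size_t big = spawn_with_stack(8u * 1024 * 1024);
    printf("explicit: %zu bytes, %zu levels\n", big, max_levels(big, FRAME_BYTES));
    return 0;
}
```

Build with `-pthread`. A server that sets a small stack size on its thread attributes will see a correspondingly smaller level count from `max_levels`.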