On 11/08/17 19:07, Sebastian Andrzej Siewior wrote:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6419
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6419
[1] 
https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
Stuart, is this enough information or do you need more?
I'm interested in how the fix is to add a check to see if window_posn+this_run wraps the window, immediately below a comment that expressly states that won't happen, with the reasoning: this_run has already been clamped to ensure it does not wrap a frame, and frames don't wrap windows.


If this is incorrect reasoning, what part of the reasoning is wrong? Is this_run somehow not being clamped to <=FRAME_SIZE through some code path? If so, the fix is to clamp it. Is window size not a multiple of frame size? If so, something is very wrong.

I'd be interested in seeing an example file that gets to this condition.

Also, if ClamAV made a change five months ago, and they're confident it's a bug in libmspack.... why am I only finding out today?

Regards
Stuart

Reply via email to