On 2014-12-22 02:52:02 [+0100], Marc Dequènes (duck) wrote:
> I can upload this simple fix quickly, nevertheless i did not have time to
> proofread it. Any comment?
I plan to add the following patch to clamav. I added a small comment
why we have the busy loop there. So far it looks like a good idea. The
only problem is that we need off_t beeing 64bit (LFS) or it won't work
on 32bit. No problem on Debian side…
I added upstream on CC hoping that they will take this or do something
about it :)
If nobody objects, I push this tomorrow into the clamav repo.
>From 9041fefc0d48aa3c307baa20c5cc4b7eceafe616 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
Date: Mon, 22 Dec 2014 22:10:47 +0100
Subject: [PATCH] make frame_end off_t
Debian bts #773041, #772891 contains a report of a .cab file which
causes an endless loop.
Eric Sharkey diagnosed the problem as frame_end is 32bit and overflows
and the result the loop makes no progress. He also added that making
it off_t (and so 64bit with LFS) fixes the problem.
The problem seems that after the overflow, window_posn is larger than
frame_end and therefore we never enter the loop to make progress. But we
still have out_bytes >0 so we don't leave the outer loop either.
This patch is based on Eric Sharkey comments.
Signed-off-by: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
---
mspack/qtmd.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/mspack/qtmd.c b/mspack/qtmd.c
index 12b27f5608c4..6e1640579119 100644
--- a/mspack/qtmd.c
+++ b/mspack/qtmd.c
@@ -253,7 +253,8 @@ struct qtmd_stream *qtmd_init(struct mspack_system *system,
}
int qtmd_decompress(struct qtmd_stream *qtm, off_t out_bytes) {
- unsigned int frame_todo, frame_end, window_posn, match_offset, range;
+ unsigned int frame_todo, window_posn, match_offset, range;
+ off_t frame_end;
unsigned char *window, *i_ptr, *i_end, *runsrc, *rundest;
int i, j, selector, extra, sym, match_length;
unsigned short H, L, C, symf;
--
2.1.3
Sebastian
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
