@@ -1,3 +1,7 @@

+Sat Sep  2 20:16:26 CEST 2006 (tk)

+----------------------------------

+  * libclamav/unrar: more bugfixes

+

 Thu Aug 31 21:43:09 CEST 2006 (tk)

 ----------------------------------

   * libclamav/unrar: improve error handling

@@ -818,8 +818,12 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 			return FALSE;

 		}	

 		unpack_data->old_filter_lengths_size++;

-		unpack_data->old_filter_lengths = (int *) realloc(unpack_data->old_filter_lengths,

+		unpack_data->old_filter_lengths = (int *) cli_realloc(unpack_data->old_filter_lengths,

 				sizeof(int) * unpack_data->old_filter_lengths_size);

+		if(!unpack_data->old_filter_lengths) {

+		    cli_dbgmsg("unrar: add_vm_code: cli_realloc failed for unpack_data->old_filter_lengths\n");

+		    return FALSE;

+		}

 		unpack_data->old_filter_lengths[unpack_data->old_filter_lengths_size-1] = 0;

 		filter->exec_count = 0;

 	} else {

@@ -888,12 +892,19 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 			return FALSE;

 		}

 		vm_code = (unsigned char *) cli_malloc(vm_codesize);

+		if(!vm_code) {

+		    cli_dbgmsg("unrar: add_vm_code: cli_malloc failed for vm_code\n");

+		    return FALSE;

+		}

 		for (i=0 ; i < vm_codesize ; i++) {

 			vm_code[i] = rarvm_getbits(&rarvm_input) >> 8;

 			rarvm_addbits(&rarvm_input, 8);

 		}

-		rarvm_prepare(&unpack_data->rarvm_data, &rarvm_input, &vm_code[0],

-					vm_codesize, &filter->prg);

+		if(!rarvm_prepare(&unpack_data->rarvm_data, &rarvm_input, &vm_code[0], vm_codesize, &filter->prg)) {

+		    cli_dbgmsg("unrar: add_vm_code: rarvm_prepare failed\n");

+		    free(vm_code);

+		    return FALSE;

+		}

 		free(vm_code);

 	}

 	stack_filter->prg.alt_cmd = &filter->prg.cmd.array[0];

@@ -902,12 +913,20 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 	static_size = filter->prg.static_size;

 	if (static_size > 0 && static_size < VM_GLOBALMEMSIZE) {

 		stack_filter->prg.static_data = cli_malloc(static_size);

+		if(!stack_filter->prg.static_data) {

+		    cli_dbgmsg("unrar: add_vm_code: cli_malloc failed for stack_filter->prg.static_data\n");

+		    return FALSE;

+		}

 		memcpy(stack_filter->prg.static_data, filter->prg.static_data, static_size);

 	}

 	if (stack_filter->prg.global_size < VM_FIXEDGLOBALSIZE) {

 		free(stack_filter->prg.global_data);

 		stack_filter->prg.global_data = cli_malloc(VM_FIXEDGLOBALSIZE);

+		if(!stack_filter->prg.global_data) {

+		    cli_dbgmsg("unrar: add_vm_code: cli_malloc failed for stack_filter->prg.global_data\n");

+		    return FALSE;

+		}

 		memset(stack_filter->prg.global_data, 0, VM_FIXEDGLOBALSIZE);

 		stack_filter->prg.global_size = VM_FIXEDGLOBALSIZE;

 	}

@@ -932,8 +951,12 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 		cur_size = stack_filter->prg.global_size;

 		if (cur_size < data_size+VM_FIXEDGLOBALSIZE) {

 			stack_filter->prg.global_size += data_size+VM_FIXEDGLOBALSIZE-cur_size;

-			stack_filter->prg.global_data = realloc(stack_filter->prg.global_data,

+			stack_filter->prg.global_data = cli_realloc(stack_filter->prg.global_data,

 				stack_filter->prg.global_size);

+			if(!stack_filter->prg.global_data) {

+			    cli_dbgmsg("unrar: add_vm_code: cli_realloc failed for stack_filter->prg.global_data\n");

+			    return FALSE;

+			}

 		}

 		global_data = &stack_filter->prg.global_data[VM_FIXEDGLOBALSIZE];

 		for (i=0 ; i< data_size ; i++) {

@@ -1321,6 +1344,10 @@ rar_metadata_t *cli_unrar(int fd, const char *dirname, const struct cl_limits *l

 		return FALSE;

 	}

 	unpack_data = cli_malloc(sizeof(unpack_data_t));

+	if(!unpack_data) {

+	    cli_dbgmsg("unrar: cli_unrar: cli_malloc failed for unpack_data\n");

+	    return FALSE;

+	}

 	unpack_data->rarvm_data.mem = NULL;

 	unpack_data->old_filter_lengths = NULL;

 	unpack_data->PrgStack.array = unpack_data->Filters.array = NULL;

@@ -48,7 +48,7 @@ void rar_cmd_array_reset(rar_cmd_array_t *cmd_a)

 int rar_cmd_array_add(rar_cmd_array_t *cmd_a, int num)

 {

 	cmd_a->num_items += num;

-	cmd_a->array = (struct rarvm_prepared_command *) realloc(cmd_a->array,

+	cmd_a->array = (struct rarvm_prepared_command *) cli_realloc(cmd_a->array,

 			cmd_a->num_items * sizeof(struct rarvm_prepared_command));

 	if (cmd_a->array == NULL) {

 		return FALSE;

@@ -52,7 +52,7 @@ void rar_filter_array_reset(rar_filter_array_t *filter_a)

 int rar_filter_array_add(rar_filter_array_t *filter_a, int num)

 {

 	filter_a->num_items += num;

-	filter_a->array = (struct UnpackFilter **) realloc(filter_a->array,

+	filter_a->array = (struct UnpackFilter **) cli_realloc(filter_a->array,

 			filter_a->num_items * sizeof(struct UnpackFilter **));

 	if (filter_a->array == NULL) {

 		filter_a->num_items=0;

@@ -882,7 +882,7 @@ static int rarvm_execute_code(rarvm_data_t *rarvm_data,

 	}

 }

-void rarvm_execute(rarvm_data_t *rarvm_data, struct rarvm_prepared_program *prg)

+int rarvm_execute(rarvm_data_t *rarvm_data, struct rarvm_prepared_program *prg)

 {

 	unsigned int global_size, static_size, new_pos, new_size, data_size;

 	struct rarvm_prepared_command *prepared_code;

@@ -923,10 +923,16 @@ void rarvm_execute(rarvm_data_t *rarvm_data, struct rarvm_prepared_program *prg)

 		(unsigned int *)&rarvm_data->mem[VM_GLOBALMEMADDR+0x30]),VM_GLOBALMEMSIZE);

 	if (data_size != 0) {

 		prg->global_size += data_size+VM_FIXEDGLOBALSIZE;

-		prg->global_data = realloc(prg->global_data, prg->global_size);

+		prg->global_data = cli_realloc(prg->global_data, prg->global_size);

+		if(!prg->global_data) {

+		    cli_dbgmsg("unrar: rarvm_execute: cli_realloc failed for prg->global_data\n");

+		    return FALSE;

+		}

 		memcpy(prg->global_data, &rarvm_data->mem[VM_GLOBALMEMADDR],

 				data_size+VM_FIXEDGLOBALSIZE);

 	}

+

+	return TRUE;

 }

 void rarvm_decode_arg(rarvm_data_t *rarvm_data, rarvm_input_t *rarvm_input,

@@ -1025,7 +1031,7 @@ void rarvm_optimize(struct rarvm_prepared_program *prg)

 	}

 }

-void rarvm_prepare(rarvm_data_t *rarvm_data, rarvm_input_t *rarvm_input, unsigned char *code,

+int rarvm_prepare(rarvm_data_t *rarvm_data, rarvm_input_t *rarvm_input, unsigned char *code,

 		int code_size, struct rarvm_prepared_program *prg)

 {

 	unsigned char xor_sum;

@@ -1067,9 +1073,17 @@ void rarvm_prepare(rarvm_data_t *rarvm_data, rarvm_input_t *rarvm_input, unsigne

 			int data_size = rarvm_read_data(rarvm_input)+1;

 			rar_dbgmsg("data_size=%d\n", data_size);

 			prg->static_data = cli_malloc(data_size);

+			if(!prg->static_data) {

+			    cli_dbgmsg("unrar: rarvm_prepare: cli_malloc failed for prg->static_data\n");

+			    return FALSE;

+			}

 			for (i=0 ; rarvm_input->in_addr < code_size && i < data_size ; i++) {

 				prg->static_size++;

-				prg->static_data = realloc(prg->static_data, prg->static_size);

+				prg->static_data = cli_realloc(prg->static_data, prg->static_size);

+				if(!prg->static_data) {

+				    cli_dbgmsg("unrar: rarvm_prepare: cli_realloc failed for prg->static_data\n");

+				    return FALSE;

+				}

 				prg->static_data[i] = rarvm_getbits(rarvm_input) >> 8;

 				rarvm_addbits(rarvm_input, 8);

 			}

@@ -1151,4 +1165,6 @@ void rarvm_prepare(rarvm_data_t *rarvm_data, rarvm_input_t *rarvm_input, unsigne

 	if (code_size!=0) {

 		rarvm_optimize(prg);

 	}

+

+	return TRUE;

 }

@@ -111,10 +111,10 @@ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input);

 void rarvm_addbits(rarvm_input_t *rarvm_input, int bits);

 int rarvm_init(rarvm_data_t *rarvm_data);

 void rarvm_free(rarvm_data_t *rarvm_data);

-void rarvm_prepare(rarvm_data_t *rarvm_data, rarvm_input_t *rarvm_input, unsigned char *code,

+int rarvm_prepare(rarvm_data_t *rarvm_data, rarvm_input_t *rarvm_input, unsigned char *code,

 		int code_size, struct rarvm_prepared_program *prg);

 void rarvm_set_memory(rarvm_data_t *rarvm_data, unsigned int pos, uint8_t *data, unsigned int data_size);

-void rarvm_execute(rarvm_data_t *rarvm_data, struct rarvm_prepared_program *prg);

+int rarvm_execute(rarvm_data_t *rarvm_data, struct rarvm_prepared_program *prg);

 void rarvm_set_value(int byte_mode, unsigned int *addr, unsigned int value);

 unsigned int rarvm_read_data(rarvm_input_t *rarvm_input);

 uint32_t rar_crc(uint32_t start_crc, void *addr, uint32_t size);