Thanks to Stephane Chazelas for the analysis.
Török Edvin authored on 2011/10/08 18:12:22... | ... |
@@ -1,3 +1,7 @@ |
1 |
+Sat Oct 8 12:10:13 EEST 2011 (edwin) |
|
2 |
+------------------------------------- |
|
3 |
+ * libclamav/bytecode.c,bytecode_api.c: fix recursion level crash (bb #3706). |
|
4 |
+ |
|
1 | 5 |
Mon Sep 19 13:44:36 CEST 2011 (tk) |
2 | 6 |
---------------------------------- |
3 | 7 |
* freshclam: re-enable short-time blacklisting of mirrors on |
... | ... |
@@ -2690,7 +2690,9 @@ int cli_bytecode_runhook(cli_ctx *cctx, const struct cl_engine *engine, struct c |
2690 | 2690 |
cli_dbgmsg("Bytecode %u unpacked file\n", bc->id); |
2691 | 2691 |
lseek(fd, 0, SEEK_SET); |
2692 | 2692 |
cli_dbgmsg("***** Scanning unpacked file ******\n"); |
2693 |
+ cctx->recursion++; |
|
2693 | 2694 |
ret = cli_magic_scandesc(fd, cctx); |
2695 |
+ cctx->recursion--; |
|
2694 | 2696 |
if (!cctx || !cctx->engine->keeptmp) |
2695 | 2697 |
if (ftruncate(fd, 0) == -1) |
2696 | 2698 |
cli_dbgmsg("ftruncate failed on %d\n", fd); |
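Review bot: The added `cctx->recursion++` and `cctx->recursion--` around `cli_magic_scandesc(fd, cctx)` dereference `cctx` unconditionally, while the very next line still tests `!cctx`. Either that test is dead code or the new lines add a NULL dereference on the path it was guarding; the hunk does not show which, because cli_bytecode_runhook starts and ends outside it. If `cctx` can be NULL here, guard the pair with `if (cctx) cctx->recursion++;` and `if (cctx) cctx->recursion--;`. If it cannot, reduce the condition to `if (!cctx->engine->keeptmp)` so the two lines stop contradicting each other.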
... | ... |
@@ -506,7 +506,9 @@ int32_t cli_bcapi_extract_new(struct cli_bc_ctx *ctx, int32_t id) |
506 | 506 |
cli_file_t current = cctx->container_type; |
507 | 507 |
if (ctx->containertype != CL_TYPE_ANY) |
508 | 508 |
cctx->container_type = ctx->containertype; |
509 |
+ cctx->recursion++; |
|
509 | 510 |
res = cli_magic_scandesc(ctx->outfd, cctx); |
511 |
+ cctx->recursion--; |
|
510 | 512 |
cctx->container_type = current; |
511 | 513 |
if (res == CL_VIRUS) { |
512 | 514 |
if (cctx->virname) |
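Review bot: The `cctx->recursion++` / `cctx->recursion--` pair around `cli_magic_scandesc(ctx->outfd, cctx)` has no comment saying why it is there, and the same undocumented pair is added in cli_bytecode_runhook in the bytecode.c hunk. I would add above the increment `/* count the bytecode-extracted file as one nesting level so the scan recursion limit applies (bb #3706) */`. That wording presumes the limit is enforced inside cli_magic_scandesc, which is not visible on this page, so confirm it before committing the comment. The decrement has to stay paired with the increment on every path out of the scan; nothing returns between the two lines here, but cli_bcapi_extract_new continues outside the hunk.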