@@ -62,7 +62,7 @@ static void help(void)

     printf("    --printbcir            -c         Print IR of bytecode signature\n");

     printf("    --trace <level>        -T         Set bytecode trace level 0..7 (default 7)\n");

     printf("    --no-trace-showsource  -s         Don't show source line during tracing\n");

-    printf("    --bytecode-statistics             Collect and print bytecode execution statistics\n");

+    printf("    --statistics=bytecode             Collect and print bytecode execution statistics\n");

     printf("    file                              file to test\n");

     printf("\n");

     return;

@@ -246,7 +246,7 @@ int main(int argc, char *argv[])

     FILE *f;

     struct cli_bc *bc;

     struct cli_bc_ctx *ctx;

-    int rc, dbgargc;

+    int rc, dbgargc, bc_stats=0;

     struct optstruct *opts;

     const struct optstruct *opt;

     unsigned funcid=0, i;

@@ -319,8 +319,15 @@ int main(int argc, char *argv[])

     bcs.all_bcs = bc;

     bcs.count = 1;

-    rc = cli_bytecode_load(bc, f, NULL, optget(opts, "trust-bytecode")->enabled, 

-			   optget(opts, "bytecode-statistics")->enabled);

+    if((opt = optget(opts, "statistics"))->enabled) {

+	while(opt) {

+	    if (!strcasecmp(opt->strarg, "bytecode"))

+		bc_stats=1;

+	    opt = opt->nextarg;

+        }

+    }

+

+    rc = cli_bytecode_load(bc, f, NULL, optget(opts, "trust-bytecode")->enabled, bc_stats);

     if (rc != CL_SUCCESS) {

 	fprintf(stderr,"Unable to load bytecode: %s\n", cl_strerror(rc));

 	optfree(opts);

@@ -239,7 +239,7 @@ void help(void)

     mprintf("    --bytecode[=yes(*)/no]               Load bytecode from the database\n");

     mprintf("    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode\n");

     mprintf("    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)\n");

-    mprintf("    --bytecode-statistics[=yes/no(*)]    Collect and print bytecode statistics\n");

+    mprintf("    --statistics[=none(*)/bytecode/pcre] Collect and print execution statistics\n");

     mprintf("    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications\n");

     mprintf("    --exclude-pua=CAT                    Skip PUA sigs of category CAT\n");

     mprintf("    --include-pua=CAT                    Load PUA sigs of category CAT\n");

@@ -902,6 +902,7 @@ with_libncurses_prefix

 with_libpdcurses_prefix

 enable_distcheck_werror

 with_system_llvm

+with_llvm_linking

 enable_llvm

 enable_sha_collector_for_internal_use

 with_libcurl

@@ -1628,6 +1629,8 @@ Optional Packages:

   --with-system-llvm      use system llvm instead of built-in, uses full path

                           to llvm-config [default=/usr/local or /usr if not

                           found in /usr/local]

+  --with-llvm-linking     specifies method to linking llvm [static|dynamic],

+                          only valid with --with-system-llvm

   --with-libcurl[=DIR]    path to directory containing libcurl

                           [default=/usr/local or /usr if not found in

                           /usr/local]

@@ -22450,6 +22453,36 @@ else

 fi

+

+# Check whether --with-llvm-linking was given.

+if test "${with_llvm_linking+set}" = set; then :

+  withval=$with_llvm_linking;

+if test "x$system_llvm" = "xbuilt-in"; then

+   as_fn_error $? "Failed to configure LLVM, and LLVM linking was specified without specifying system-llvm" "$LINENO" 5

+else

+case "$withval" in

+  static)

+    llvm_linking="static"

+    ;;

+  dynamic)

+    llvm_linking="dynamic"

+    ;;

+  *)

+    as_fn_error $? "Invalid argument to --with-llvm-linking" "$LINENO" 5

+esac

+fi

+

+else

+

+if test "x$system_llvm" = "xbuilt-in"; then

+   llvm_linking=""

+else

+   llvm_linking="auto"

+fi

+

+fi

+

+

 # Check whether --enable-llvm was given.

 if test "${enable_llvm+set}" = set; then :

   enableval=$enable_llvm; enable_llvm=$enableval

@@ -22478,6 +22511,7 @@ subdirs="$subdirs libclamav/c++"

 else

     system_llvm="none"

+    llvm_linking=""

 fi

 # Check whether --enable-sha-collector-for-internal-use was given.

@@ -25314,6 +25348,11 @@ fi

 if test "$enable_llvm" = "yes" && test "$subdirfailed" != "no"; then

     as_fn_error $? "Failed to configure LLVM, and LLVM was explicitly requested" "$LINENO" 5

 fi

+if test "$enable_llvm" = "auto" && test "$subdirfailed" != "no"; then

+    system_llvm="MIA"

+    llvm_linking=""

+fi

+

  if test "$subdirfailed" != "yes" && test "$enable_llvm" != "no"; then

   ENABLE_LLVM_TRUE=

   ENABLE_LLVM_FALSE='#'

@@ -28121,6 +28160,7 @@ have_jit="no"

 if test "$subdirfailed" = "no"; then

     have_jit="yes"

 fi

+if test "x$llvm_linking" = "x"; then

    $as_echo_n "              llvm        : "

@@ -28134,6 +28174,21 @@ else

   $as_echo "$have_jit, from $system_llvm ($enable_llvm)"

 fi

+else

+

+

+   $as_echo_n "              llvm        : "

+   if test "x$enable_llvm" = "xno"; then :

+  $as_echo "$have_jit, from $system_llvm ($llvm_linking) (disabled)"

+elif test "x$enable_llvm" = "xyes"; then :

+  $as_echo "$have_jit, from $system_llvm ($llvm_linking)"

+elif test "x$enable_llvm" = "x"; then :

+  $as_echo "$have_jit, from $system_llvm ($llvm_linking)"

+else

+  $as_echo "$have_jit, from $system_llvm ($llvm_linking) ($enable_llvm)"

+fi

+

+fi

    $as_echo_n "              mempool     : "

@@ -173,6 +173,11 @@ AC_OUTPUT

 if test "$enable_llvm" = "yes" && test "$subdirfailed" != "no"; then

     AC_MSG_ERROR([Failed to configure LLVM, and LLVM was explicitly requested])

 fi

+if test "$enable_llvm" = "auto" && test "$subdirfailed" != "no"; then

+    system_llvm="MIA"

+    llvm_linking=""

+fi

+

 AM_CONDITIONAL([ENABLE_LLVM],

 	       [test "$subdirfailed" != "yes" && test "$enable_llvm" != "no"])

 no_recursion="yes";

@@ -216,7 +221,11 @@ have_jit="no"

 if test "$subdirfailed" = "no"; then

     have_jit="yes"

 fi

-CL_MSG_STATUS([llvm        ],[$have_jit, from $system_llvm],[$enable_llvm])

+if test "x$llvm_linking" = "x"; then

+   CL_MSG_STATUS([llvm        ],[$have_jit, from $system_llvm],[$enable_llvm])

+else

+   CL_MSG_STATUS([llvm        ],[$have_jit, from $system_llvm ($llvm_linking)],[$enable_llvm])

+fi

 CL_MSG_STATUS([mempool     ],[$have_mempool],[$enable_mempool])

 AC_MSG_NOTICE([Summary of engine detection features])

@@ -39,7 +39,7 @@ Set bytecode trace level 0..7 (default 7)

 \fB\-\-no\-trace\-showsource\fR

 Don't show source line during tracing

 .TP

-\fB\-\-bytecode\-statistics\fR

+\fB\-\-statistics=bytecode\fR

 Collect and print bytecode execution statistics

 .TP

 file

@@ -102,8 +102,8 @@ Allow loading bytecode from outside digitally signed .c[lv]d files.

 \fB\-\-bytecode\-timeout=N\fR

 Set bytecode timeout in milliseconds (default: 60000 = 60s)

 .TP 

-\fB\-\-bytecode\-statistics[=yes/no(*)]\fR

-Collect and print bytecode statistics.

+\fB\-\-statistics[=none(*)/bytecode/pcre]\fR

+Collect and print execution statistics.

 .TP 

 \fB\-\-detect\-pua[=yes/no(*)]\fR

 Detect Possibly Unwanted Applications.

Binary files a/docs/signatures.pdf and b/docs/signatures.pdf differ

@@ -487,12 +487,11 @@ Sig2;Target:0;((0|1|2)>5,2)&(3|1);6b6f74656b;616c61;7a6f6c77;737

 Sig3;Target:0;((0|1|2|3)=2)&(4|1);6b6f74656b;616c61;7a6f6c77;737

 46566616e;deadbeef

-Sig4;Target:1,Engine:18-20;((0|1)&(2|3))&4;EP+123:33c06834f04100

+Sig4;Target:1;Engine:18-20;((0|1)&(2|3))&4;EP+123:33c06834f04100

 f2aef7d14951684cf04100e8110a00;S2+78:22??232c2d252229{-15}6e6573

-(63|64)61706528;S+50:68efa311c3b9963cb1ee8e586d32aeb9043e;f9c58d

-cf43987e4f519d629b103375;SL+550:6300680065005c0046006900

+(63|64)61706528;S3+50:68efa311c3b9963cb1ee8e586d32aeb9043e;f9c58

+dcf43987e4f519d629b103375;SL+550:6300680065005c0046006900

     \end{verbatim}

-

     \subsection{Special Subsignature Types}

     Macro subsignatures(clamav-0.96): \verb+${min-max}MACROID$+:

     \begin{itemize}

@@ -585,6 +584,15 @@ Firefox.boundElements;Target:0;0&1&2;6576656e742e626f756e64456c6

 22?window\.close\s*\x28/si

     \end{verbatim}

+    \subsection{Subsignature Options}

+    ClamAV (clamav-0.99) supports a number of additional subsignature options

+    for logical signatures. This is done by specifying a single '/' followed

+    by a number of characters representing the option.

+    \begin{itemize}

+    \item \verb+i+\\

+    Match subsignature as case-insensitive. (ex. ..;42434445/i;..)

+    \end{itemize}

+

     \subsection{Icon signatures for PE files}

     ClamAV 0.96 includes an approximate/fuzzy icon matcher to help

     detecting malicious executables disguising themselves as innocent

@@ -575,7 +575,6 @@ PACKAGE_STRING='libclamavc++ devel'

 PACKAGE_BUGREPORT='http://bugs.clamav.net'

 PACKAGE_URL=''

-ac_unique_file="llvm/configure"

 # Factoring default headers for most tests.

 ac_includes_default="\

 #include <stdio.h>

@@ -776,6 +775,7 @@ with_gnu_ld

 with_sysroot

 enable_libtool_lock

 with_system_llvm

+with_llvm_linking

 enable_llvm

 enable_optimized

 enable_all_jit_targets

@@ -1441,6 +1441,8 @@ Optional Packages:

   --with-system-llvm      Use system llvm instead of built-in, uses full path

                           to llvm-config (default= search /usr/local or /usr

                           if not found in /usr/local)

+  --with-llvm-linking     specifies method to linking llvm [static|dynamic],

+                          only valid with --with-system-llvm

 Some influential environment variables:

   CXX         C++ compiler command

@@ -2340,7 +2342,6 @@ ac_configure="$SHELL $ac_aux_dir/configure"  # Please don't use this var.

-

 ac_config_headers="$ac_config_headers clamavcxx-config.h"

 # Make sure we can run config.sub.

@@ -15445,6 +15446,29 @@ $as_echo "$as_me: Using external LLVM" >&6;}

 fi

+llvm_linking=

+

+# Check whether --with-llvm-linking was given.

+if test "${with_llvm_linking+set}" = set; then :

+  withval=$with_llvm_linking;

+if test "x$llvmconfig" = "x"; then

+   as_fn_error $? "Failed to configure LLVM, and LLVM linking was specified without valid llvm-config" "$LINENO" 5

+else

+case "$withval" in

+  static)

+    llvm_linking="static"

+    ;;

+  dynamic)

+    llvm_linking="dynamic"

+    ;;

+  *)

+    as_fn_error $? "Invalid argument to --with-llvm-linking" "$LINENO" 5

+esac

+fi

+

+fi

+

+

 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for supported LLVM version" >&5

 $as_echo_n "checking for supported LLVM version... " >&6; }

 if test "x$llvmconfig" = "x"; then

@@ -15485,18 +15509,28 @@ fi

 if test "x$llvmconfig" != "x"; then

     LLVMCONFIG_CXXFLAGS=`$llvmconfig --cxxflags`

-    if test $llvmver_test -ge 350; then

-                ldflags=`$llvmconfig --ldflags`

-        syslibs=`$llvmconfig --system-libs`

-        LLVMCONFIG_LDFLAGS="$ldflags $syslibs"

-    else

+    if test "x$llvm_linking" = "xdynamic"; then

         LLVMCONFIG_LDFLAGS=`$llvmconfig --ldflags`

-    fi

-    LLVMCONFIG_LIBS=`$llvmconfig --libs jit nativecodegen scalaropts ipo`

+        LLVMCONFIG_LIBS=-lLLVM-$llvmver

+

+

+    else

+        if test $llvmver_test -ge 350; then

+                      ldflags=`$llvmconfig --ldflags`

+           syslibs=`$llvmconfig --system-libs`

+           LLVMCONFIG_LDFLAGS="$ldflags $syslibs"

-    LLVMCONFIG_LIBFILES=`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`

+        else

+           LLVMCONFIG_LDFLAGS=`$llvmconfig --ldflags`

+

+        fi

+        LLVMCONFIG_LIBS=`$llvmconfig --libs jit nativecodegen scalaropts ipo`

+

+        LLVMCONFIG_LIBFILES=`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`

+

+    fi

     { $as_echo "$as_me:${as_lineno-$LINENO}: CXXFLAGS from llvm-config: $LLVMCONFIG_CXXFLAGS" >&5

 $as_echo "$as_me: CXXFLAGS from llvm-config: $LLVMCONFIG_CXXFLAGS" >&6;}

@@ -16,7 +16,6 @@ dnl   MA 02110-1301, USA.

 AC_PREREQ([2.59])

 AC_INIT([libclamavc++],[devel],[http://bugs.clamav.net])

 AC_CONFIG_AUX_DIR([config])

-AC_CONFIG_SRCDIR([llvm/configure])

 AC_CONFIG_MACRO_DIR([m4])

 AC_CONFIG_HEADER([clamavcxx-config.h])

 AC_CANONICAL_TARGET

@@ -78,6 +77,26 @@ AC_ARG_WITH([system-llvm], AC_HELP_STRING([--with-system-llvm],

  fi

 ])

+llvm_linking=

+AC_ARG_WITH([llvm-linking], [AC_HELP_STRING([--with-llvm-linking],

+[specifies method to linking llvm @<:@static|dynamic@:>@, only valid with --with-system-llvm])],

+[

+if test "x$llvmconfig" = "x"; then

+   AC_MSG_ERROR([Failed to configure LLVM, and LLVM linking was specified without valid llvm-config])  

+else

+case "$withval" in

+  static)

+    llvm_linking="static"

+    ;;

+  dynamic)

+    llvm_linking="dynamic"

+    ;;

+  *)

+    AC_MSG_ERROR([Invalid argument to --with-llvm-linking])

+esac

+fi

+], [])

+

 AC_MSG_CHECKING([for supported LLVM version])

 if test "x$llvmconfig" = "x"; then

     dnl macro not available in older autotools

@@ -113,16 +132,24 @@ fi

 dnl aquire the required flags to properly link in external LLVM

 if test "x$llvmconfig" != "x"; then

     AC_SUBST(LLVMCONFIG_CXXFLAGS, [`$llvmconfig --cxxflags`])

-    if test $llvmver_test -ge 350; then

-        dnl LLVM 3.5.0 and after splits linker flags into two sets

-        ldflags=`$llvmconfig --ldflags`

-        syslibs=`$llvmconfig --system-libs`

-        AC_SUBST(LLVMCONFIG_LDFLAGS, ["$ldflags $syslibs"])

-    else

+

+    if test "x$llvm_linking" = "xdynamic"; then

         AC_SUBST(LLVMCONFIG_LDFLAGS, [`$llvmconfig --ldflags`])

+        AC_SUBST(LLVMCONFIG_LIBS, [-lLLVM-$llvmver])

+        AC_SUBST(LLVMCONFIG_LIBFILES, [])

+    else

+        if test $llvmver_test -ge 350; then

+           dnl LLVM 3.5.0 and after splits linker flags into two sets

+           ldflags=`$llvmconfig --ldflags`

+           syslibs=`$llvmconfig --system-libs`

+           AC_SUBST(LLVMCONFIG_LDFLAGS, ["$ldflags $syslibs"])

+        else

+           AC_SUBST(LLVMCONFIG_LDFLAGS, [`$llvmconfig --ldflags`])

+        fi

+        AC_SUBST(LLVMCONFIG_LIBS, [`$llvmconfig --libs jit nativecodegen scalaropts ipo`])

+        AC_SUBST(LLVMCONFIG_LIBFILES, [`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`])

     fi

-    AC_SUBST(LLVMCONFIG_LIBS, [`$llvmconfig --libs jit nativecodegen scalaropts ipo`])

-    AC_SUBST(LLVMCONFIG_LIBFILES, [`$llvmconfig --libfiles jit nativecodegen scalaropts ipo`])

+

     AC_MSG_NOTICE([CXXFLAGS from llvm-config: $LLVMCONFIG_CXXFLAGS])

     AC_MSG_NOTICE([LDFLAGS from llvm-config: $LLVMCONFIG_LDFLAGS])

     AC_MSG_NOTICE([LIBS from llvm-config: $LLVMCONFIG_LIBS])

@@ -827,9 +827,7 @@ int unmew11(char *src, int off, int ssize, int dsize, uint32_t base, uint32_t va

 		if (!uselzma)

 		{

-			/* bb#11212 - DO NOT PEALIGN sections to cli_rebuildpe() *

-			 * data processed in src buffer is stored NOT pe-aligned */

-			uint32_t val = f2 - src;

+			uint32_t val = PESALIGN(f2 - src, 0x1000);

 			void *newsect;

 			if (i && val < section[i].raw) {

@@ -850,6 +848,18 @@ int unmew11(char *src, int off, int ssize, int dsize, uint32_t base, uint32_t va

 			section[i+1].raw = val;

 			section[i+1].rva = val + vadd;

 			section[i].rsz = section[i].vsz = ((i)?(val - section[i].raw):val);

+

+            /*

+             * bb#11212 - alternate fix, buffer is aligned

+             * must validate that sections do not intersect with source

+             * or, in other words, exceed the specified size of destination

+             */

+            if (section[i].raw + section[i].rsz > dsize) {

+                cli_dbgmsg("MEW: Section %i [%d, %d] exceeds destination size %d\n",

+                           i, section[i].raw, section[i].raw+section[i].rsz, dsize);

+                free(section);

+                return -1;

+            }

 		}

 		i++;

@@ -379,7 +379,7 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex

             free(pt);

         }

-    } else if(root->ac_only || type || lsigid || strpbrk(hexsig, "?([") || (root->bm_offmode && (!strcmp(offset, "*") || strchr(offset, ','))) || strstr(offset, "VI") || strchr(offset, '$')) {

+    } else if(root->ac_only || type || lsigid || sigopts || strpbrk(hexsig, "?([") || (root->bm_offmode && (!strcmp(offset, "*") || strchr(offset, ','))) || strstr(offset, "VI") || strchr(offset, '$')) {

         if((ret = cli_ac_addsig(root, virname, hexsig, sigopts, 0, 0, 0, rtype, type, 0, 0, offset, lsigid, options))) {

             cli_errmsg("cli_parse_add(): Problem adding signature (3).\n");

             return ret;

@@ -1435,7 +1435,7 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig

     /* Regex Usage and Support Check */

     for (i = 0; i < subsigs; ++i) {

         if (strchr(tokens[i+3], '/')) {

-            cli_dbgmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname);

+            cli_warnmsg("cli_loadldb: logical signature for %s uses PCREs but support is disabled, skipping\n", virname);

             (*sigs)--;

             return CL_SUCCESS;

         }

@@ -157,6 +157,7 @@ cli_regcomp_real(regex_t *preg, const char *pattern, int cflags)

 	struct parse *p = &pa;

 	int i;

 	size_t len;

+	size_t maxlen;

 #ifdef REDEBUG

 #	define	GOODFLAGS(f)	(f)

 #else

@@ -179,7 +180,24 @@ cli_regcomp_real(regex_t *preg, const char *pattern, int cflags)

 							(NC-1)*sizeof(cat_t));

 	if (g == NULL)

 		return(REG_ESPACE);

+	/* Patch for bb11264 submitted by the Debian team:                */

+	/*

+	 * Limit the pattern space to avoid a 32-bit overflow on buffer

+	 * extension.  Also avoid any signed overflow in case of conversion

+	 * so make the real limit based on a 31-bit overflow.

+	 *

+	 * Likely not applicable on 64-bit systems but handle the case

+	 * generically (who are we to stop people from using ~715MB+

+	 * patterns?).

+	 */

+	maxlen = ((size_t)-1 >> 1) / sizeof(sop) * 2 / 3;

+	if (len >= maxlen) {

+		free((char *)g);

+		return(REG_ESPACE);

+	}

 	p->ssize = len/(size_t)2*(size_t)3 + (size_t)1;	/* ugh */

+	assert(p->ssize >= len);

+

 	p->strip = (sop *)cli_calloc(p->ssize, sizeof(sop));

 	p->slen = 0;

 	if (p->strip == NULL) {

@@ -282,6 +282,7 @@ end:

         cli_warnmsg("clamav_stats_add_sample: unlcoking mutex failed (err: %d): %s\n", err, strerror(err));

     }

 #endif

+    return;

 }

 void clamav_stats_flush(struct cl_engine *engine, void *cbdata)

@@ -492,6 +493,7 @@ void clamav_stats_decrement_count(const char *virname, const unsigned char *md5,

         cli_warnmsg("clamav_stats_decrement_count: unlocking mutex failed (err: %d): %s\n", err, strerror(err));

     }

 #endif

+    return;

 }

 size_t clamav_stats_get_num(void *cbdata)

@@ -13,6 +13,31 @@ AC_ARG_WITH([system-llvm], [AC_HELP_STRING([--with-system-llvm],

  esac

 ], [system_llvm="built-in"])

+AC_ARG_WITH([llvm-linking], [AC_HELP_STRING([--with-llvm-linking],

+[specifies method to linking llvm @<:@static|dynamic@:>@, only valid with --with-system-llvm])],

+[

+if test "x$system_llvm" = "xbuilt-in"; then

+   AC_MSG_ERROR([Failed to configure LLVM, and LLVM linking was specified without specifying system-llvm])  

+else

+case "$withval" in

+  static)

+    llvm_linking="static"

+    ;;

+  dynamic)

+    llvm_linking="dynamic"

+    ;;

+  *)

+    AC_MSG_ERROR([Invalid argument to --with-llvm-linking])

+esac

+fi

+], [

+if test "x$system_llvm" = "xbuilt-in"; then

+   llvm_linking=""

+else

+   llvm_linking="auto"

+fi

+])

+

 AC_ARG_ENABLE([llvm],AC_HELP_STRING([--enable-llvm],

 [enable 'llvm' JIT/verifier support @<:@default=auto@:>@]),

 [enable_llvm=$enableval],

@@ -29,4 +54,5 @@ if test "$enable_llvm" != "no"; then

     AC_CONFIG_SUBDIRS_OPTIONAL([libclamav/c++])

 else

     system_llvm="none"

+    llvm_linking=""

 fi