@@ -154,6 +154,10 @@ Mon Jul 25 14:33:59 CEST 2011 (acab)

 ------------------------------------

  * libclamav/matcher-hash.c: off by one read in cli_hm_scan (bb#2818)

+Tue Jul 19 18:30:53 CEST 2011 (acab)

+------------------------------------

+ * libclamav/autoit.c: avoid dumping uninit data on autoit failure (bb#3051)

+

 Thu Jul 14 12:29:17 EEST 2011 (edwin)

 ------------------------------------

  * libclamav/pdf.c: fix encrypted pdf detection (bb #2988)

@@ -339,14 +339,22 @@ static int ea05(cli_ctx *ctx, uint8_t *base, char *tmpd) {

        *

        * - Fortuna audaces iuvat -

        */

-      if (UNP.error) 

-	cli_dbgmsg("autoit: decompression error - partial file may exist\n");

+      if (UNP.error) {

+	cli_dbgmsg("autoit: decompression error after %u bytes  - partial file may exist\n", UNP.cur_output);

+	UNP.usize = UNP.cur_output;

+      }

     } else {

       cli_dbgmsg("autoit: file is not compressed\n");

       UNP.outputbuf = UNP.inputbuf;

       UNP.usize = UNP.csize;

     }

+    if (UNP.usize<4) {

+      cli_dbgmsg("autoit: file is too short\n");

+      free(UNP.outputbuf);

+      continue;

+    }

+

     files++;

     /* FIXME: REGRESSION NEEDED! */

@@ -638,8 +646,10 @@ static int ea06(cli_ctx *ctx, uint8_t *base, char *tmpd) {

       }

       free(UNP.inputbuf);

-      if (UNP.error) 

-	cli_dbgmsg("autoit: decompression error - partial file may exist\n");

+      if (UNP.error) {

+	cli_dbgmsg("autoit: decompression error after %u bytes - partial file may exist\n", UNP.cur_output);

+	UNP.usize = UNP.cur_output;

+      }

     } else {

       cli_dbgmsg("autoit: file is not compressed\n");

       UNP.outputbuf = UNP.inputbuf;