GitList

Browse code

Fix crash on 64-bit Solaris Intel (bb #2314).

memcmp does 8-byte reads if length > 8, which might cross a page-boundary and
crash. Not strictly a memcmp bug, since manpage doesn't say that memcmp must stop at
first difference. Linux doesn't crash because it only does 4/8-byte reads on 4/8-byte aligned
addresses, hence it can never cross a page boundary.

Fix this by making sure that what we request from memcmp is entirely readable.

Török Edvin authored on 2010/10/05 23:01:26
Showing 2 changed files

ChangeLog index 3a497a2..11307d8 100644
libclamav/pdf.c index b1bfa18..cd4d25a 100644

ChangeLog

History View file @ 8f18920

@@ -1,3 +1,7 @@
                     +Tue Oct  5 17:03:43 EEST 2010 (edwin)
                     +-------------------------------------
                     + * libclamav/pdf.c: Fix crash on 64-bit Solaris Intel (bb #2314).
+                    +
                      Tue Sep 28 16:25:03 EEST 2010 (edwin)
                      -------------------------------------
                       * libclamav/c++: allow building with external LLVM 2.8rc2.

libclamav/pdf.c

History View file @ 8f18920

@@ -1044,6 +1044,7 @@ int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset)
                          } else {
                      	const char *t;
                      	size = q - eofmap + map_off;
                     +	q -= 9;
                      	for (;q > eofmap;q--) {
                      	    if (memcmp(q, "startxref", 9) == 0)
                      		break;