Browse code
Fix mmap failed(2) on 32-bit FreeBSD (bb #2300).
off_t is 64-bit, size_t is still 32-bit and that causes unexpected integer
promotion here:
map_off = map->len - 2048
First the unsigned subtraction is performed, and then the unsigned (!) value
is sign-extended to 64-bit. Hence a negative value becomes positive, which is
wrong.
Török Edvin authored on 2010/09/28 18:42:41Showing 2 changed files
| ... | ... |
@@ -1,3 +1,7 @@ |
| 1 |
+Tue Sep 28 12:42:01 EEST 2010 (edwin) |
|
| 2 |
+------------------------------------- |
|
| 3 |
+ * libclamav/pdf.c: fix mmap failed(2) on 32-bit FreeBSD (bb #2300). |
|
| 4 |
+ |
|
| 1 | 5 |
Thu Sep 23 17:59:26 CEST 2010 (acab) |
| 2 | 6 |
------------------------------------ |
| 3 | 7 |
* m4/acinclude: add alarm(10) to the CVE-2010-0405 check so we don't |
| ... | ... |
@@ -1024,7 +1024,7 @@ int cli_pdf(const char *dir, cli_ctx *ctx, off_t offset) |
| 1024 | 1024 |
offset += pdfver - start; |
| 1025 | 1025 |
|
| 1026 | 1026 |
/* find trailer and xref, don't fail if not found */ |
| 1027 |
- map_off = map->len - 2048; |
|
| 1027 |
+ map_off = (off_t)map->len - 2048; |
|
| 1028 | 1028 |
if (map_off < 0) |
| 1029 | 1029 |
map_off = 0; |
| 1030 | 1030 |
bytesleft = map->len - map_off; |