1. clamav-devel
  2. Commit b31f2e7a2db558c64380f7e4d8a4cb6d88b45c2c
Browse code

Fix loading of apicall8 (disasm).

must alloc room for numop+2,
must validate only first element of an array type (it doesn't have more!),
regenerate _api_decl.c using ifacegen.

Török Edvin authored on 2010/01/20 02:58:15
Showing 2 changed files
libclamav/bytecode.c
History View file @ b31f2e7
... ... 
@@ -656,13 +656,18 @@ static int types_equal(const struct cli_bc *bc, uint16_t *apity2ty, uint16_t tid
656 656 
 	 cli_dbgmsg("bytecode: type numElements mismatch: %u != %u\n", ty->numElements, apity->numElements);
657 657 
 	 return 0;
658 658 
      }
659 
-    for (i=0;i<ty->numElements;i++) {
659 
+     for (i=0;i<ty->numElements;i++) {
660 660 
 	if (apity->containedTypes[i] < BC_START_TID) {
661 
-	    if (ty->containedTypes[i] != apity->containedTypes[i])
661 
+	    if (ty->containedTypes[i] != apity->containedTypes[i]) {
662 
+		cli_dbgmsg("bytecode: contained type mismatch: %u != %u\n",
663 
+			   ty->containedTypes[i], apity->containedTypes[i]);
662 664 
 		return 0;
665 
+	    }
663 666 
 	} else if (!types_equal(bc, apity2ty, ty->containedTypes[i], apity->containedTypes[i] - BC_START_TID))
664 667 
 	    return 0;
665 
-    }
668 
+	if (ty->kind == DArrayType)
669 
+	    break;/* validated the contained type already */
670 
+     }
666 671 
     return 1;
667 672 
 }
668 673
... ... 
@@ -1092,7 +1097,7 @@ static int parseBB(struct cli_bc *bc, unsigned func, unsigned bb, unsigned char
1092 1092 
 		if (ok) {
1093 1093 
 		    inst.u.ops.numOps = numOp+2;
1094 1094 
 		    inst.u.ops.opsizes = NULL;
1095 
-		    inst.u.ops.ops = cli_calloc(numOp, sizeof(*inst.u.ops.ops));
1095 
+		    inst.u.ops.ops = cli_calloc(numOp+2, sizeof(*inst.u.ops.ops));
1096 1096 
 		    if (!inst.u.ops.ops) {
1097 1097 
 			cli_errmsg("Out of memory allocating operands\n");
1098 1098 
 			return CL_EMEM;
libclamav/bytecode_api_decl.c
History View file @ b31f2e7
... ... 
@@ -54,9 +54,9 @@ const struct cli_apiglobal cli_globals[] = {
54 54 
 /* Bytecode globals BEGIN */
55 55 
 	{"__clambc_kind", GLOBAL_KIND, 16,
56 56 
 	 ((char*)&((struct cli_bc_ctx*)0)->hooks.kind - (char*)NULL)},
57 
-	{"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 83,
57 
+	{"__clambc_match_counts", GLOBAL_MATCH_COUNTS, 84,
58 58 
 	 ((char*)&((struct cli_bc_ctx*)0)->hooks.match_counts - (char*)NULL)},
59 
-	{"__clambc_filesize", GLOBAL_FILESIZE, 82,
59 
+	{"__clambc_filesize", GLOBAL_FILESIZE, 83,
60 60 
 	 ((char*)&((struct cli_bc_ctx*)0)->hooks.filesize - (char*)NULL)},
61 61 
 	{"__clambc_exeinfo", GLOBAL_EXEINFO, 79,
62 62 
 	 ((char*)&((struct cli_bc_ctx*)0)->hooks.exeinfo - (char*)NULL)},
... ... 
@@ -65,7 +65,7 @@ const struct cli_apiglobal cli_globals[] = {
65 65 
 /* Bytecode globals END */
66 66 
 };
67 67 
 const unsigned cli_apicall_maxglobal = _LAST_GLOBAL-1;
68 
-static uint16_t cli_tmp0[]={79, 77, 75, 72, 70, 32, 32, 32, 8, 65};
68 
+static uint16_t cli_tmp0[]={79, 77, 75, 72, 70, 32, 32, 32, 32, 8, 65};
69 69 
 static uint16_t cli_tmp1[]={71};
70 70 
 static uint16_t cli_tmp2[]={32, 32};
71 71 
 static uint16_t cli_tmp3[]={73};
... ... 
@@ -75,25 +75,26 @@ static uint16_t cli_tmp6[]={76};
75 75 
 static uint16_t cli_tmp7[]={16, 8, 8, 32, 32, 32, 32, 32, 32, 32, 32, 32, 16, 16, 16, 16, 16, 16, 32, 32, 32, 32, 16, 16, 32, 32, 32, 32, 32, 32, 74};
76 76 
 static uint16_t cli_tmp8[]={78};
77 77 
 static uint16_t cli_tmp9[]={32, 16, 16, 32, 32, 32, 16, 16};
78 
-static uint16_t cli_tmp10[]={80, 32, 32, 16};
79 
-static uint16_t cli_tmp11[]={81};
80 
-static uint16_t cli_tmp12[]={32, 32, 32, 32, 32, 32, 32, 32, 32};
81 
-static uint16_t cli_tmp13[]={32};
78 
+static uint16_t cli_tmp10[]={81, 32, 32, 16, 80};
79 
+static uint16_t cli_tmp11[]={8};
80 
+static uint16_t cli_tmp12[]={82};
81 
+static uint16_t cli_tmp13[]={32, 32, 32, 32, 32, 32, 32, 32, 32};
82 82 
 static uint16_t cli_tmp14[]={32};
83 
-static uint16_t cli_tmp15[]={32, 32, 32};
84 
-static uint16_t cli_tmp16[]={32, 65, 32};
85 
-static uint16_t cli_tmp17[]={32, 87, 32};
86 
-static uint16_t cli_tmp18[]={88};
87 
-static uint16_t cli_tmp19[]={16, 8, 8, 8, 90, 89};
88 
-static uint16_t cli_tmp20[]={8};
89 
-static uint16_t cli_tmp21[]={91};
90 
-static uint16_t cli_tmp22[]={8};
91 
-static uint16_t cli_tmp23[]={32, 93, 32};
92 
-static uint16_t cli_tmp24[]={94};
93 
-static uint16_t cli_tmp25[]={93};
83 
+static uint16_t cli_tmp15[]={32};
84 
+static uint16_t cli_tmp16[]={32, 32, 32};
85 
+static uint16_t cli_tmp17[]={32, 65, 32};
86 
+static uint16_t cli_tmp18[]={32, 88, 32};
87 
+static uint16_t cli_tmp19[]={89};
88 
+static uint16_t cli_tmp20[]={16, 8, 8, 8, 91, 90};
89 
+static uint16_t cli_tmp21[]={8};
90 
+static uint16_t cli_tmp22[]={92};
91 
+static uint16_t cli_tmp23[]={8};
92 
+static uint16_t cli_tmp24[]={32, 94, 32};
93 
+static uint16_t cli_tmp25[]={95};
94 
+static uint16_t cli_tmp26[]={94};
94 95
95 96 
 const struct cli_bc_type cli_apicall_types[]={
96 
-	{DStructType, cli_tmp0, 10, 0, 0},
97 
+	{DStructType, cli_tmp0, 11, 0, 0},
97 98 
 	{DPointerType, cli_tmp1, 1, 0, 0},
98 99 
 	{DStructType, cli_tmp2, 2, 0, 0},
99 100 
 	{DPointerType, cli_tmp3, 1, 0, 0},
... ... 
@@ -103,43 +104,44 @@ const struct cli_bc_type cli_apicall_types[]={
103 103 
 	{DStructType, cli_tmp7, 31, 0, 0},
104 104 
 	{DPointerType, cli_tmp8, 1, 0, 0},
105 105 
 	{DStructType, cli_tmp9, 8, 0, 0},
106 
-	{DStructType, cli_tmp10, 4, 0, 0},
106 
+	{DStructType, cli_tmp10, 5, 0, 0},
107 107 
 	{DPointerType, cli_tmp11, 1, 0, 0},
108 
-	{DStructType, cli_tmp12, 9, 0, 0},
109 
-	{DArrayType, cli_tmp13, 1, 0, 0},
110 
-	{DArrayType, cli_tmp14, 64, 0, 0},
111 
-	{DFunctionType, cli_tmp15, 3, 0, 0},
108 
+	{DPointerType, cli_tmp12, 1, 0, 0},
109 
+	{DStructType, cli_tmp13, 9, 0, 0},
110 
+	{DArrayType, cli_tmp14, 1, 0, 0},
111 
+	{DArrayType, cli_tmp15, 64, 0, 0},
112 112 
 	{DFunctionType, cli_tmp16, 3, 0, 0},
113 113 
 	{DFunctionType, cli_tmp17, 3, 0, 0},
114 
-	{DPointerType, cli_tmp18, 1, 0, 0},
115 
-	{DStructType, cli_tmp19, 6, 0, 0},
116 
-	{DArrayType, cli_tmp20, 29, 0, 0},
117 
-	{DArrayType, cli_tmp21, 10, 0, 0},
114 
+	{DFunctionType, cli_tmp18, 3, 0, 0},
115 
+	{DPointerType, cli_tmp19, 1, 0, 0},
116 
+	{DStructType, cli_tmp20, 6, 0, 0},
117 
+	{DArrayType, cli_tmp21, 29, 0, 0},
118 118 
 	{DArrayType, cli_tmp22, 3, 0, 0},
119 
-	{DFunctionType, cli_tmp23, 3, 0, 0},
120 
-	{DPointerType, cli_tmp24, 1, 0, 0},
121 
-	{DStructType, cli_tmp25, 1, 0, 0}
119 
+	{DArrayType, cli_tmp23, 10, 0, 0},
120 
+	{DFunctionType, cli_tmp24, 3, 0, 0},
121 
+	{DPointerType, cli_tmp25, 1, 0, 0},
122 
+	{DStructType, cli_tmp26, 1, 0, 0}
122 123 
 };
123 124
124 125 
 const unsigned cli_apicall_maxtypes=sizeof(cli_apicall_types)/sizeof(cli_apicall_types[0]);
125 126 
 const struct cli_apicall cli_apicalls[]={
126 127 
 /* Bytecode APIcalls BEGIN */
127 
-	{"test0", 23, 0, 1},
128 
-	{"test1", 15, 0, 0},
129 
-	{"read", 16, 1, 1},
130 
-	{"write", 16, 2, 1},
131 
-	{"seek", 15, 1, 0},
132 
-	{"setvirusname", 16, 3, 1},
133 
-	{"debug_print_str", 16, 4, 1},
134 
-	{"debug_print_uint", 15, 2, 0},
135 
-	{"disasm_x86", 17, 5, 1},
136 
-	{"trace_directory", 16, 6, 1},
137 
-	{"trace_scope", 16, 7, 1},
138 
-	{"trace_source", 16, 8, 1},
139 
-	{"trace_op", 16, 9, 1},
140 
-	{"trace_value", 16, 10, 1},
141 
-	{"trace_ptr", 16, 11, 1},
142 
-	{"pe_rawaddr", 15, 3, 0}
128 
+	{"test0", 24, 0, 1},
129 
+	{"test1", 16, 0, 0},
130 
+	{"read", 17, 1, 1},
131 
+	{"write", 17, 2, 1},
132 
+	{"seek", 16, 1, 0},
133 
+	{"setvirusname", 17, 3, 1},
134 
+	{"debug_print_str", 17, 4, 1},
135 
+	{"debug_print_uint", 16, 2, 0},
136 
+	{"disasm_x86", 18, 5, 1},
137 
+	{"trace_directory", 17, 6, 1},
138 
+	{"trace_scope", 17, 7, 1},
139 
+	{"trace_source", 17, 8, 1},
140 
+	{"trace_op", 17, 9, 1},
141 
+	{"trace_value", 17, 10, 1},
142 
+	{"trace_ptr", 17, 11, 1},
143 
+	{"pe_rawaddr", 16, 3, 0}
143 144 
 /* Bytecode APIcalls END */
144 145 
 };
145 146 
 const cli_apicall_int2 cli_apicalls0[] = {