Browse code
Properly calculate numBytes for interpreter, and protect interpreter from null derefs.
Török Edvin authored on 2010/02/22 21:12:55Showing 2 changed files
| ... | ... |
@@ -24,6 +24,7 @@ |
| 24 | 24 |
#include "clamav-config.h" |
| 25 | 25 |
#endif |
| 26 | 26 |
|
| 27 |
+#include <assert.h> |
|
| 27 | 28 |
#include "dconf.h" |
| 28 | 29 |
#include "clamav.h" |
| 29 | 30 |
#include "others.h" |
| ... | ... |
@@ -598,6 +599,7 @@ static int parseTypes(struct cli_bc *bc, unsigned char *buffer) |
| 598 | 598 |
case 3: |
| 599 | 599 |
ty->kind = (t == 2) ? DPackedStructType : DStructType; |
| 600 | 600 |
ty->size = ty->align = 0;/* TODO:calculate size/align of structs */ |
| 601 |
+ ty->align = 8; |
|
| 601 | 602 |
parseType(bc, ty, buffer, &offset, len, &ok); |
| 602 | 603 |
if (!ok) {
|
| 603 | 604 |
cli_errmsg("Error parsing type %u\n", i);
|
| ... | ... |
@@ -1386,6 +1388,7 @@ int cli_bytecode_run(const struct cli_all_bc *bcs, const struct cli_bc *bc, stru |
| 1386 | 1386 |
memset(&func, 0, sizeof(func)); |
| 1387 | 1387 |
func.numInsts = 1; |
| 1388 | 1388 |
func.numValues = 1; |
| 1389 |
+ func.numConstants = 0; |
|
| 1389 | 1390 |
func.numBytes = ctx->bytes; |
| 1390 | 1391 |
memset(ctx->values+ctx->bytes-8, 0, 8); |
| 1391 | 1392 |
|
| ... | ... |
@@ -1487,10 +1490,12 @@ static int cli_bytecode_prepare_interpreter(struct cli_bc *bc) |
| 1487 | 1487 |
struct cli_bc_func *bcfunc = &bc->funcs[i]; |
| 1488 | 1488 |
unsigned totValues = bcfunc->numValues + bcfunc->numConstants + bc->num_globals; |
| 1489 | 1489 |
unsigned *map = cli_malloc(sizeof(*map)*totValues); |
| 1490 |
+ bcfunc->numBytes = 0; |
|
| 1490 | 1491 |
for (j=0;j<bcfunc->numValues;j++) {
|
| 1491 | 1492 |
uint16_t ty = bcfunc->types[j]; |
| 1492 | 1493 |
unsigned align; |
| 1493 | 1494 |
align = typealign(bc, ty); |
| 1495 |
+ assert(align); |
|
| 1494 | 1496 |
bcfunc->numBytes = (bcfunc->numBytes + align-1)&(~(align-1)); |
| 1495 | 1497 |
map[j] = bcfunc->numBytes; |
| 1496 | 1498 |
bcfunc->numBytes += typesize(bc, ty); |
| ... | ... |
@@ -1503,6 +1508,7 @@ static int cli_bytecode_prepare_interpreter(struct cli_bc *bc) |
| 1503 | 1503 |
for (j=0;j<bc->num_globals;j++) {
|
| 1504 | 1504 |
uint16_t ty = bc->globaltys[j]; |
| 1505 | 1505 |
unsigned align = typealign(bc, ty); |
| 1506 |
+ assert(align); |
|
| 1506 | 1507 |
bcfunc->numBytes = (bcfunc->numBytes + align-1)&(~(align-1)); |
| 1507 | 1508 |
map[bcfunc->numValues+bcfunc->numConstants+j] = bcfunc->numBytes; |
| 1508 | 1509 |
bcfunc->numBytes += typesize(bc, ty); |
| ... | ... |
@@ -728,6 +728,10 @@ int cli_vm_execute(const struct cli_bc *bc, struct cli_bc_ctx *ctx, const struct |
| 728 | 728 |
{
|
| 729 | 729 |
const union unaligned_32 *ptr; |
| 730 | 730 |
READP(ptr, inst->u.unaryop); |
| 731 |
+ if (!ptr) {
|
|
| 732 |
+ cli_dbgmsg("Bytecode attempted to load from null pointer!\n");
|
|
| 733 |
+ return CL_EBYTECODE; |
|
| 734 |
+ } |
|
| 731 | 735 |
WRITE32(inst->dest, (ptr->una_u32)); |
| 732 | 736 |
break; |
| 733 | 737 |
} |