
swf: fix bb #10087, FrameSize handling for larger frames

David Raynor authored on 2014/05/24 00:45:49
Showing 1 changed files
... ...
@@ -1,5 +1,6 @@
1 1
 /*
2 2
  *  Copyright (C) 2011-2013 Sourcefire, Inc.
3
+ *  Copyright (C) 2014 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
3 4
  *
4 5
  *  The code is based on Flasm, command line assembler & disassembler of Flash
5 6
  *  ActionScript bytecode Copyright (c) 2001 Opaque Industries, (c) 2002-2007
... ...
@@ -249,7 +250,7 @@ int cli_scanswf(cli_ctx *ctx)
249 249
     fmap_t *map = *ctx->fmap;
250 250
     unsigned int bitpos, bitbuf, getbits_n, nbits, getword_1, getword_2, getdword_1, getdword_2;
251 251
     const char *pt;
252
-    char get_c;
252
+    unsigned char get_c;
253 253
     size_t offset = 0;
254 254
     unsigned int val, foo, tag_hdr, tag_type, tag_len;
255 255
     unsigned long int bits;
... ...
@@ -278,10 +279,15 @@ int cli_scanswf(cli_ctx *ctx)
278 278
     INITBITS;
279 279
 
280 280
     GETBITS(nbits, 5);
281
-    GETBITS(foo, nbits); /* xMin */
282
-    GETBITS(foo, nbits); /* xMax */
283
-    GETBITS(foo, nbits); /* yMin */
284
-    GETBITS(foo, nbits); /* yMax */
281
+    cli_dbgmsg("SWF: FrameSize RECT size bits: %u\n", nbits);
282
+    {
283
+        uint32_t xMin = 0, xMax = 0, yMin = 0, yMax = 0;
284
+        GETBITS(xMin, nbits); /* Should be zero */
285
+        GETBITS(xMax, nbits);
286
+        GETBITS(yMin, nbits); /* Should be zero */
287
+        GETBITS(yMax, nbits);
288
+        cli_dbgmsg("SWF: FrameSize xMin %u xMax %u yMin %u yMax %u\n", xMin, xMax, yMin, yMax);
289
+    }
285 290
 
286 291
     GETWORD(foo);
287 292
     GETWORD(val);
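Review bot: In the new FrameSize block the comments on `xMin` and `yMin` say "Should be zero", but nothing in the hunk acts on a non-zero value, so a malformed RECT only shows up to someone reading the full debug line. If that is intended, say so in the comment (`/* expected 0; not enforced */`), or add `if (xMin || yMin) cli_dbgmsg("SWF: FrameSize xMin/yMin non-zero\n");` so the anomaly stands out. The four fields are `uint32_t` but printed with `%u`; `(unsigned int)` casts or `PRIu32` would keep the format string matched to the argument type on every platform. The `unsigned char get_c` change in the declarations hunk deserves a short comment on why the type must stay unsigned, presumably to avoid sign extension of bytes >= 0x80 inside the bit-reading macros. The rest of `cli_scanswf` and the `GETBITS` definition are outside the hunks, so how `nbits` (read from the file) is bounded against the mapped data cannot be checked from here.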