cli_check_mydoom_log: Avoid unaligned access.
fmap_need_off_once() may return an unaligned pointer. This in turn
leads to an unaligned access during the load of the uint32_t variables,
leading to failures on architectures not supporting unaligned access.

This was reported to the Debian BTS as #1073128.

[bigeasy: Commit message, reworked the patch a bit].

Link: https://bugs.debian.org/1073128
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
vpa1977 authored and sebastianas committed Jun 27, 2024
1 parent 1d30588 commit c6293f3
Showing 1 changed file with 17 additions and 4 deletions.
21 changes: 17 additions & 4 deletions libclamav/special.c
Expand Up @@ -48,7 +48,8 @@

int cli_check_mydoom_log(cli_ctx *ctx)
{
const uint32_t *record;
const uint32_t record[16];
const void *ptr;
uint32_t check, key;
fmap_t *map = ctx->fmap;
unsigned int blocks = map->len / (8 * 4);
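Review bot: `record` is declared as `const uint32_t record[16];` but it is the destination of `memcpy(record, ptr, sizeof(record));` later in the function, so the `const` qualifier has to go. Passing it to `memcpy` discards the qualifier, and modifying an object defined `const` is undefined behaviour. Declare it as `uint32_t record[16];`; `const void *ptr` is fine as it is, since the mapping is only read.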
Expand All @@ -59,14 +60,26 @@ int cli_check_mydoom_log(cli_ctx *ctx)
if (blocks > 5)
blocks = 5;

record = fmap_need_off_once(map, 0, 8 * 4 * blocks);
if (!record)
/*
* The following pointer might not be properly aligned. There there is
* memcmp() + memcpy() workaround to avoid performing an unaligned access
* while reading the uint32_t.
*/
ptr = fmap_need_off_once(map, 0, 8 * 4 * blocks);
if (!ptr)
return CL_CLEAN;

while (blocks) { /* This wasn't probably intended but that's what the current code does anyway */
if (record[--blocks] == 0xffffffff)
const uint32_t marker_ff = 0xffffffff;

blocks--;
if (!memcmp(ptr + blocks * sizeof(uint32_t)),

Check failure on line 76 in libclamav/special.c (GitHub Actions / build-windows): 'const void *': unknown size

Check failure on line 76 in libclamav/special.c (GitHub Actions / build-windows): 'memcmp': too few actual parameters for intrinsic function
&marker_ff, sizeof(uint32_t))
return CL_CLEAN;
}

memcpy(record, ptr, sizeof(record));

key = ~be32_to_host(record[0]);
check = (be32_to_host(record[1]) ^ key) +
(be32_to_host(record[2]) ^ key) +
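Review bot: The `memcmp` call in the loop is malformed. The parenthesis after `sizeof(uint32_t)` on its first line closes the call after a single argument, which is the "too few actual parameters" failure from build-windows, and `ptr + blocks * sizeof(uint32_t)` does arithmetic on a `const void *`, a GNU extension that the Windows build rejects with "unknown size". Suggest casting to a byte pointer and moving the parenthesis: `if (!memcmp((const char *)ptr + blocks * sizeof(uint32_t), &marker_ff, sizeof(uint32_t)))`. Separately, `memcpy(record, ptr, sizeof(record))` reads 64 bytes while only `8 * 4 * blocks` bytes were requested from `fmap_need_off_once()`; the lower bound on `blocks` is not visible in this hunk, so please confirm at least two blocks are guaranteed before the copy. The new comment also has a doubled word ("There there is").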