diff --git a/libclamav/special.c b/libclamav/special.c
index 506e5799da..a509ec15ac 100644
--- a/libclamav/special.c
+++ b/libclamav/special.c
@@ -48,7 +48,8 @@ int cli_check_mydoom_log(cli_ctx *ctx)
 {
- const uint32_t *record;
+ const uint32_t record[16];
+ const void *ptr;
 uint32_t check, key;
 fmap_t *map = ctx->fmap;
 unsigned int blocks = map->len / (8 * 4);
@@ -59,14 +60,26 @@ int cli_check_mydoom_log(cli_ctx *ctx)
 if (blocks > 5)
 blocks = 5;
- record = fmap_need_off_once(map, 0, 8 * 4 * blocks);
- if (!record)
+ /*
+ * The following pointer might not be properly aligned. There there is
+ * memcmp() + memcpy() workaround to avoid performing an unaligned access
+ * while reading the uint32_t.
+ */
+ ptr = fmap_need_off_once(map, 0, 8 * 4 * blocks);
+ if (!ptr)
 return CL_CLEAN;
+
 while (blocks) { /* This wasn't probably intended but that's what the current code does anyway */
- if (record[--blocks] == 0xffffffff)
+ const uint32_t marker_ff = 0xffffffff;
+
+ blocks--;
+ if (!memcmp(ptr + blocks * sizeof(uint32_t)),
+ &marker_ff, sizeof(uint32_t))
 return CL_CLEAN;
 }
+ memcpy(record, ptr, sizeof(record));
+
 key = ~be32_to_host(record[0]);
 check = (be32_to_host(record[1]) ^ key) +
 (be32_to_host(record[2]) ^ key) +
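Review bot: `const uint32_t record[16];` declares the buffer const and uninitialised, yet the second hunk fills it with `memcpy(record, ptr, sizeof(record));`. Writing to a const-qualified object is undefined behaviour, and the call discards the qualifier, so the compiler will warn and may assume the contents never change. Drop the qualifier and zero the buffer so that no path reads indeterminate data: `uint32_t record[16] = {0};`. The function body continues outside this hunk.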
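Review bot: The closing parenthesis in `if (!memcmp(ptr + blocks * sizeof(uint32_t)),` is misplaced, so memcmp() is called with one argument and the next two become comma-operator operands; this should not build against the <string.h> prototype. The same expression does arithmetic on a `const void *`, which is a GNU extension. Both are fixed by `if (!memcmp((const char *)ptr + blocks * sizeof(uint32_t), &marker_ff, sizeof(uint32_t)))`. The later `memcpy(record, ptr, sizeof(record));` copies 64 bytes from a mapping of `8 * 4 * blocks` bytes, which is enough only if blocks is at least 2. That lower bound is presumably enforced above the hunk, but it is worth confirming because the map comes from a scanned file.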