!17 Fix int64 overflow check

From: @ultra_planet Reviewed-by: @small_leek Signed-off-by: @small_leek
2020-10-10 09:59:55 +08:00 · 2020-10-10 09:59:55 +08:00 · f4c4ea0782
commit f4c4ea0782
parent 9c0d64098f 1081cd8581
2 changed files with 46 additions and 1 deletions
--- a/clamav-Fix-int64-overflow-check.patch
+++ b/clamav-Fix-int64-overflow-check.patch
@ -0,0 +1,41 @@
+From 38622da97fb6fcb2d43d5676ac75cb5ac7896359 Mon Sep 17 00:00:00 2001
+From: lutianxiong <lutianxiong@huawei.com>
+Date: Tue, 16 Jun 2020 11:15:10 +0800
+Subject: [PATCH] Fix int64 overflow check
+
+Overflow check "(value >> 32)  * 10  < INT32_MAX" may not work in
+certain conditions, e.g. value is 0xcccccccdbcdc9cc
+
+Note: This fixes oss-fuzz bug 16117.
+---
+ libclamav/htmlnorm.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libclamav/htmlnorm.c b/libclamav/htmlnorm.c
+index d0be15b..4ac4948 100644
+--- a/libclamav/htmlnorm.c
+++ b/libclamav/htmlnorm.c
+@@ -1459,9 +1459,9 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
+ 					next_state = HTML_BAD_STATE;
+ 					ptr++;
+ 				} else if (isdigit(*ptr) || (hex && isxdigit(*ptr))) {
+-                        if (hex && (value >> 32) * 16 < INT32_MAX) {
+                        if (hex && value < INT64_MAX / 16) {
+ 						value *= 16;
+-                        } else if ((value >> 32) * 10 < INT32_MAX) {
+                        } else if (value < INT64_MAX / 10) {
+ 						value *= 10;
+                         } else {
+                             html_output_c(file_buff_o2, value);
+@@ -1727,7 +1727,7 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag
+ 				state = HTML_RFC2397_DATA;
+ 				break;
+ 			case HTML_ESCAPE_CHAR:
+-                    if ((value >> 32) * 16 < INT32_MAX) {
+                    if (value < INT64_MAX / 16) {
+ 				value *= 16;
+                     } else {
+                         state = next_state;
+-- 
+2.23.0
+
--- a/clamav.spec
+++ b/clamav.spec
@ -1,7 +1,7 @@
 Name:           clamav
 Summary:        End-user tools for the Clam Antivirus scanner
 Version:        0.101.4
-Release:        6
+Release:        7
 License:        GPLv2
 URL:            https://www.clamav.net/
 Source0:        https://www.clamav.net/downloads/production/clamav-%version.tar.gz
@ -25,6 +25,7 @@ Patch0002:      clamav-0.100.1-defaults_locations.patch
 Patch0003:      clamav-0.99-private.patch
 Patch0004:      clamav-0.100.0-umask.patch
 Patch0005:      llvm-glibc.patch
+Patch0006:      clamav-Fix-int64-overflow-check.patch

 BuildRequires:  autoconf automake gettext-devel libtool libtool-ltdl-devel
 BuildRequires:  gcc-c++ zlib-devel bzip2-devel gmp-devel curl-devel json-c-devel
@ -404,6 +405,9 @@ test -e %_var/log/clamav-milter.log || {


 %changelog
+* Fri Oct 09 2020 lingsheng <lingsheng@huawei.com> - 0.101.4-7
+- Fix int64 overflow check
+
 * Tue Sep 21 2020 chengzihan <chengzihan2@huawei.com> - 0.101.4-6
 - Drop clamd@scann.service file, change /var/run to /run