From afa9976cd42e8ac739739e0225a3d217871d04ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?T=C3=B6r=C3=B6k=20Edvin?= Date: Mon, 9 Jan 2012 12:05:34 +0200 Subject: [PATCH] fmapify: fix NULL derefs in arj and 7z --- libclamav/7z_iface.c | 31 +++++++++++++++++++------------ libclamav/unarj.c | 2 ++ 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/libclamav/7z_iface.c b/libclamav/7z_iface.c index babcc5811..5812e8eef 100644 --- a/libclamav/7z_iface.c +++ b/libclamav/7z_iface.c @@ -40,8 +40,10 @@ static SRes FileInStream_fmap_Read(void *pp, void *buf, size_t *size) { return 0; read_sz = fmap_readn(p->file.fmap, buf, p->s.curpos, *size); - if(read_sz < 0) + if(read_sz < 0) { + *size = 0; return SZ_ERROR_READ; + } p->s.curpos += read_sz; @@ -120,22 +122,27 @@ int cli_7unz (cli_ctx *ctx, size_t offset) { if(cli_checklimits("7unz", ctx, f->Size, 0, 0)) continue; - newnamelen = SzArEx_GetFileNameUtf16(&db, i, NULL); - if (newnamelen > namelen) { - if(namelen > UTFBUFSZ) - free(utf16name); - utf16name = cli_malloc(newnamelen*2); - if(!utf16name) { - found = CL_EMEM; - break; + if (!db.FileNameOffsets) + newnamelen = 0; /* no filename */ + else { + newnamelen = SzArEx_GetFileNameUtf16(&db, i, NULL); + if (newnamelen > namelen) { + if(namelen > UTFBUFSZ) + free(utf16name); + utf16name = cli_malloc(newnamelen*2); + if(!utf16name) { + found = CL_EMEM; + break; + } + namelen = newnamelen; } - namelen = newnamelen; + SzArEx_GetFileNameUtf16(&db, i, utf16name); } - SzArEx_GetFileNameUtf16(&db, i, utf16name); - + name = (char *)utf16name; for(j=0; jstatus == CL_EFORMAT) + return CL_EFORMAT; decode_data->bit_buf = (decode_data->bit_buf << n) & 0xFFFF; while (n > decode_data->bit_count) { decode_data->bit_buf |= decode_data->sub_bit_buf << (n -= decode_data->bit_count);
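Review bot: The new `*size = 0;` on the error path of FileInStream_fmap_Read has no comment, so it is not obvious why an error return must also reset the in/out length. `*size` holds the requested length on entry, so without the reset a caller that inspects it after SZ_ERROR_READ would see the request size and could treat that many bytes of `buf` as valid data. I would add `/* on failure report 0 bytes read, so callers never consume unfilled buf */` directly above the assignment. The function continues past the end of the hunk, so the success-path update of `*size` is not visible here.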
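Review bot: In cli_7unz the allocation `cli_malloc(newnamelen*2)` multiplies a length that appears to come from the archive's file-name table by a bare 2 with no overflow check, and the commit re-indents this code without tightening it. Assuming `newnamelen` is a size_t taken from untrusted archive metadata, a wrapped product would leave the second `SzArEx_GetFileNameUtf16(&db, i, utf16name)` call writing past a short buffer, most plausibly on 32-bit builds. I would reject the entry at the top of the `newnamelen > namelen` branch, before the `free`, with `if (newnamelen > SIZE_MAX / sizeof(*utf16name)) { found = CL_EFORMAT; break; }`, and size the buffer as `newnamelen * sizeof(*utf16name)`. The `for(j=0; ...` loop after the new branch is cut off on this page, so how `name` is used when `newnamelen` is 0 cannot be checked from here.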