rpms/clamav
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
eada9b2777
clamav/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch

90 lines
3.8 KiB
Diff
Raw Normal View History

Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning certain PDFs
2020-05-02 13:33:48 +00:00
From 0e865c4f0e5ea5c4879681d843a9b93fc871fd90 Mon Sep 17 00:00:00 2001
From: "Micah Snyder (micasnyd)" <micasnyd@cisco.com>
Date: Mon, 6 Apr 2020 15:03:20 -0700
Subject: [PATCH] PDF: Fix error Attempt to allocate 0 bytes
The PDF parser currently prints verbose error messages when attempting
to shrink a buffer down to actual data length after decoding if it turns
out that the decoded stream was empty (0 bytes). With exception to the
verbose error messages, there's no real behavior issue.
This commit fixes the issue by checking if any bytes were decoded before
attempting to shrink the buffer.
---
libclamav/pdfdecode.c | 27 ++++++++++++++++++---------
1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/libclamav/pdfdecode.c b/libclamav/pdfdecode.c
index 8315f3a761..d63f7b1cd4 100644
--- a/libclamav/pdfdecode.c
+++ b/libclamav/pdfdecode.c
@@ -638,8 +638,11 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
}
if (rc == CL_SUCCESS) {
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
- if (!(temp = cli_realloc(decoded, declen))) {
+ if (declen == 0) {
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
+ rc = CL_BREAK;
+ } else if (!(temp = cli_realloc(decoded, declen))) {
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
rc = CL_EMEM;
} else {
@@ -647,7 +650,7 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
}
}
- if (rc == CL_SUCCESS) {
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
free(token->content);
cli_dbgmsg("cli_pdf: decoded %lu bytes from %lu total bytes\n",
@@ -817,8 +820,11 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
(void)inflateEnd(&stream);
if (rc == CL_SUCCESS) {
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
- if (!(temp = cli_realloc(decoded, declen))) {
+ if (declen == 0) {
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
+ rc = CL_BREAK;
+ } else if (!(temp = cli_realloc(decoded, declen))) {
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
rc = CL_EMEM;
} else {
@@ -826,7 +832,7 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
}
}
- if (rc == CL_SUCCESS) {
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
free(token->content);
token->content = decoded;
@@ -1099,8 +1105,11 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
(void)lzwInflateEnd(&stream);
if (rc == CL_SUCCESS) {
- /* Shrink output buffer to final the decoded data length to minimize RAM usage */
- if (!(temp = cli_realloc(decoded, declen))) {
+ if (declen == 0) {
+ cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
+ rc = CL_BREAK;
+ } else if (!(temp = cli_realloc(decoded, declen))) {
+ /* Shrink output buffer to final the decoded data length to minimize RAM usage */
cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
rc = CL_EMEM;
} else {
@@ -1108,7 +1117,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
}
}
- if (rc == CL_SUCCESS) {
+ if (rc == CL_SUCCESS || rc == CL_BREAK) {
free(token->content);
token->content = decoded;
Reference in New Issue Copy Permalink