[Clamav-devel] Wrong type for memory allocation calculation

Ian Collins ian at ianshome.com
Mon Feb 24 03:08:36 EST 2014


I'm new here, so please forgive me if I'm posting to the wrong list!

I think I have found a bug in fmap.c which causes a crash when scanning a 
large file in a 64 bit build.

The function cl_fmap_open_handle uses an unsigned for mapsz (line 213), 
and then calculates the size (line 232) with

mapsz = pages * pgsz + hdrsz;

Where I had a crash, pages was 1047561, pgsz was 4096 and hdrsz was 
4194304, so the result (4,295,004,160) overflowed an unsigned.

These variables should be size_t (the correct size type for mmap).
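The arithmetic described above, reproduced as an added example (not ClamAV's fmap.c, and not code from the poster): the first function mirrors the original `unsigned` calculation and wraps modulo 2^32, the second does the same sum in `size_t` with an explicit overflow check, returning 0 (never a valid map size) if the product or sum would not fit. The function names and the 0-on-overflow convention are my own; the three input values are the ones quoted in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mirrors the reported bug: every operand is a 32-bit unsigned int, so
 * pages * pgsz + hdrsz is evaluated modulo 2^32 even on a 64-bit build. */
unsigned int mapsz_unsigned(unsigned int pages, unsigned int pgsz, unsigned int hdrsz)
{
    return pages * pgsz + hdrsz;
}

/* Proposed shape of the fix: size_t arithmetic (the type mmap() takes),
 * plus a guard so a value that cannot fit is rejected instead of wrapped.
 * Returns 0 on overflow, which is never a legitimate mapping size. */
size_t mapsz_checked(size_t pages, size_t pgsz, size_t hdrsz)
{
    size_t prod;

    if (pgsz != 0 && pages > SIZE_MAX / pgsz)
        return 0;                 /* pages * pgsz would overflow */
    prod = pages * pgsz;
    if (hdrsz > SIZE_MAX - prod)
        return 0;                 /* prod + hdrsz would overflow */
    return prod + hdrsz;
}

int main(void)
{
    /* Values taken from the crash report in the message above. */
    unsigned int pages = 1047561u, pgsz = 4096u, hdrsz = 4194304u;

    printf("unsigned result: %u\n", mapsz_unsigned(pages, pgsz, hdrsz));
    printf("size_t result:   %zu\n", mapsz_checked(pages, pgsz, hdrsz));
    return 0;
}
```

With the reported inputs the `unsigned` version yields 36864 (4,295,004,160 minus 2^32), so the mapping requested from mmap would be far smaller than the file that is then accessed through it; on a 64-bit build the `size_t` version returns the full 4,295,004,160. On a 32-bit build `size_t` is also 32 bits wide, and the checked version then returns 0 rather than silently wrapping.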


