added check for potential overflow with extremely large ole2 files

12 years ago · 2e97013360
parent b7b3a32b8a
commit 2e97013360
2 changed files with 10 additions and 0 deletions
--- a/libclamav/cltypes.h
+++ b/libclamav/cltypes.h
@ -107,4 +107,8 @@
 #define STDx32 "%" PRIx32
 #endif

+#ifndef INT32_MAX
+#define INT32_MAX 2147483647
+#endif
+
 #endif
--- a/libclamav/ole2_extract.c
+++ b/libclamav/ole2_extract.c
@ -1105,6 +1105,12 @@ cli_ole2_extract(const char *dirname, cli_ctx * ctx, struct uniq **vba)
    if (hdr.sbat_cutoff != 4096) {
        cli_dbgmsg("WARNING: Untested sbat cutoff (%u); data may not extract correctly\n", hdr.sbat_cutoff);
    }
+
+    if (hdr.map->len > INT32_MAX) {
+        cli_dbgmsg("OLE2 extract: Overflow detected\n");
+	ret = CL_EFORMAT;
+        goto abort;
+    }
    /* 8 SBAT blocks per file block */
    hdr.max_block_no = (hdr.map->len - MAX(512, 1 << hdr.log2_big_block_size)) / (1 << hdr.log2_small_block_size);