From 2f995d9abcc97f5bc50e1f73d10aa4e3959f59d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?T=C3=B6r=C3=B6k=20Edvin?=
Date: Mon, 5 Apr 2010 22:42:39 +0300
Subject: [PATCH] Fix load of multiple unsigned bytecodes (bb #1924)
All bytecode functions are loaded in a single module, the bounds verifier is run, and then stack protectors are inserted. The problem is that when the next bytecode function is loaded, all functions get run through the verifier again (including those which got the stack protector applied), and the bounds verifier rejects it (it doesn't know about stack protectors). The fix is to skip running the bounds verifier when a function already has the stack protector applied, when run in libclamav. This affects only loading of multiple unsigned bytecodes, or an unsigned bytecode + bytecode.cvd. Load of a single unsigned bytecode works, and load of multiple signed bytecodes is not affected (since the verifier is skipped there).
---
 ChangeLog | 4 ++++
 libclamav/c++/ClamBCRTChecks.cpp | 8 ++++++++
 2 files changed, 12 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 4dc7c32d5..76ad2f17f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Mon Apr 5 22:41:40 EEST 2010 (edwin)
+-------------------------------------
+ * libclamav/c++/bytecode2llvm.cpp: Fix load of multiple unsigned bytecodes (bb #1924)
+
 Sat Apr 3 21:05:35 EEST 2010 (edwin)
 -------------------------------------
 * contrib/split-tarball.sh: update to work with 0.96
diff --git a/libclamav/c++/ClamBCRTChecks.cpp b/libclamav/c++/ClamBCRTChecks.cpp
index 791cb8657..9afb1e396 100644
--- a/libclamav/c++/ClamBCRTChecks.cpp
+++ b/libclamav/c++/ClamBCRTChecks.cpp
@@ -65,6 +65,14 @@ namespace {
 PtrVerifier() : FunctionPass((intptr_t)&ID),rootNode(0) {}
 virtual bool runOnFunction(Function &F) {
+#ifndef CLAMBC_COMPILER
+ // Bytecode was already verifier and had stack protector applied.
+ // We get called again because ALL bytecode functions loaded are part of
+ // the same module.
+ if (F.hasFnAttr(Attribute::StackProtectReq))
+ return false;
+#endif
+
 DEBUG(F.dump());
 Changed = false;
 BaseMap.clear();
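Review bot: The early return added at the top of runOnFunction treats `StackProtectReq` as the marker for "already bounds-checked", so the pointer verifier is now skipped for unsigned bytecode whenever that attribute is present, whatever set it. Where the attribute gets applied is not visible in this hunk; if it is only ever added by the loader after PtrVerifier has accepted the function, that invariant should be written down at the check, for example `// SECURITY: StackProtectReq doubles as the "verified" marker; it must only be added after PtrVerifier accepted F.` The existing comment also has a typo (`already verifier` should read `already verified`). The body of runOnFunction continues past the end of the hunk, so the rest of the verifier logic is not reviewed here.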