Stephen Gran <[EMAIL PROTECTED]> writes: > Can you try again, but this time with a breakpoint at ole2_extract.c:794?
Looks better -- I won't pretend to understand it, but at least there is a lot of output :) (gdb) run Starting program: /usr/bin/clamscan temp/badmail [Thread debugging using libthread_db enabled] [New Thread 16384 (LWP 20027)] Breakpoint 2 at 0x4004d342: file ole2_extract.c, line 794. Pending breakpoint "ole2_extract.c:794" resolved [Switching to Thread 16384 (LWP 20027)] Breakpoint 2, cli_ole2_extract (fd=8, dirname=0x40473000 "ÐÏ\021ࡱ\032á\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0þÿ\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0þÿÿÿ\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0", 'ÿ' <repeats 57 times>..., limits=0x40473000) at ole2_extract.c:795 795 if (strncmp(hdr.magic, magic_id, 8) != 0) { (gdb) bt full #0 cli_ole2_extract (fd=8, dirname=0x40473000 "ÐÏ\021ࡱ\032á\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0þÿ\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0þÿÿÿ\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0", 'ÿ' <repeats 57 times>..., limits=0x40473000) at ole2_extract.c:795 hdr = {magic = "ÐÏ\021ࡱ\032á", clsid = "\\0\\0\\0\\0\\0\\0\\0\\0", minor_version = 12380, dll_version = 12380, byte_order = 12380, log2_big_block_size = 12380, log2_small_block_size = 811348060, reserved = { 811348060, 53500990}, bat_count = -118692, prop_start = 103832585, signature = 811348060, sbat_cutoff = 811348060, sbat_start = 811348060, sbat_block_count = 811348060, xbat_start = 811348060, xbat_count = 1543647324, bat_array = {1546673200, 811361328, 811348060, 811348060, 811348060, 1544564828, 2100321328, 811348060, 1543581788, 1546673200, -464, 1546673407, 1546673200, 811361584, 811348060, 1546673280, -13607888, -1 <repeats 92 times>}, sbat_root_start = -1, m_area = 0x40473000 
"ÐÏ\021ࡱ\032á\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0þÿ\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0þÿÿÿ\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0", 'ÿ' <repeats 57 times>..., m_length = 110737} statbuf = {st_dev = 773, __pad1 = 0, st_ino = 15909, st_mode = 33152, st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0, st_size = 110737, st_blksize = 4096, st_blocks = 232, st_atim = { tv_sec = 1113742520, tv_nsec = 0}, st_mtim = {tv_sec = 1113742520, tv_nsec = 0}, st_ctim = {tv_sec = 1113742520, tv_nsec = 0}, __unused4 = 0, __unused5 = 0} file_count = 0 #1 0x4003bc0f in cli_scanole2 (desc=1078407168, virname=0xbffff518, scanned=0x805273c, root=0x8052970, limits=0x85e7a68, options=107, arec=1, ---Type <return> to continue, or q <return> to quit--- mrec=1) at scanners.c:1130 dir = 0x85ed110 "/tmp/clamav-ce12e9eb8e908cc2" ret = 107 #2 0x4003c9fe in cli_magic_scandesc (desc=8, virname=0xbffff518, scanned=0x805273c, root=0x8052970, limits=0x85e7a68, options=107, arec=1, mrec=1) at scanners.c:1442 ret = 0 nret = 107 type = CL_TYPE_MSOLE2 sb = {st_dev = 773, __pad1 = 0, st_ino = 15909, st_mode = 33152, st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0, st_size = 110737, st_blksize = 4096, st_blocks = 232, st_atim = { tv_sec = 1113742520, tv_nsec = 0}, st_mtim = {tv_sec = 1113742520, tv_nsec = 0}, st_ctim = {tv_sec = 1113742520, tv_nsec = 0}, __unused4 = 0, __unused5 = 0} #3 0x4003cdc0 in cli_scanfile ( filename=0x40473000 "ÐÏ\021ࡱ\032á\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0þÿ\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0þÿÿÿ\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0", 'ÿ' <repeats 57 times>..., virname=0x40473000, scanned=0x40473000, root=0x40473000, limits=0x40473000, options=1078407168, arec=1078407168, mrec=1078407168) at scanners.c:1563 fd = 8 ret = 140416003 #4 0x4003b06f in 
cli_scandir ( dirname=0x85ed0a0 "/tmp/clamav-b86c5d8d92716baf", virname=0xbffff518, scanned=0x805273c, root=0x8052970, limits=0x85e7a68, options=107, arec=0, mrec=1) at scanners.c:875 dd = (DIR *) 0x85e93a8 ---Type <return> to continue, or q <return> to quit--- dent = (struct dirent *) 0x40473000 statbuf = {st_dev = 773, __pad1 = 0, st_ino = 15909, st_mode = 33152, st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0, st_size = 110737, st_blksize = 4096, st_blocks = 232, st_atim = { tv_sec = 1113742520, tv_nsec = 0}, st_mtim = {tv_sec = 1113742520, tv_nsec = 0}, st_ctim = {tv_sec = 1113742520, tv_nsec = 0}, __unused4 = 0, __unused5 = 0} fname = 0x85ed0c8 "/tmp/clamav-b86c5d8d92716baf/Protokoll irgendwas.doc5XfhZh" #5 0x4003c379 in cli_scanmail (desc=1078407168, virname=0x40473000, scanned=0x40473000, root=0x40473000, limits=0x40473000, options=107, arec=0, mrec=1) at scanners.c:1330 dir = 0x85ed0a0 "/tmp/clamav-b86c5d8d92716baf" ret = 0 #6 0x4003cbd2 in cli_magic_scandesc (desc=6, virname=0xbffff518, scanned=0x805273c, root=0x8052970, limits=0x85e7a68, options=107, arec=0, mrec=1) at scanners.c:1427 ret = 0 nret = 107 type = CL_TYPE_MAIL sb = {st_dev = 776, __pad1 = 0, st_ino = 495115, st_mode = 33188, st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0, st_size = 154737, st_blksize = 4096, st_blocks = 312, st_atim = { tv_sec = 1113726621, tv_nsec = 0}, st_mtim = {tv_sec = 1113726465, tv_nsec = 0}, st_ctim = {tv_sec = 1113726465, tv_nsec = 0}, __unused4 = 0, __unused5 = 0} #7 0x4003cd3e in cl_scandesc (desc=1078407168, virname=0x40473000, scanned=0x40473000, root=0x40473000, limits=0x40473000, options=1078407168) at scanners.c:1551 ---Type <return> to continue, or q <return> to quit--- No locals. 
#8 0x0804df32 in checkfile (filename=0x85ed088 "temp/badmail", root=0x40473000, limits=0x40473000, options=1078407168) at manager.c:763 fd = 6 ret = 0 virname = 0x1 <Address 0x1 out of bounds> #9 0x0804ceba in scanfile (filename=0x85ed088 "temp/badmail", root=0x8052970, user=0x0, opt=0x8052798, limits=0x85e7a68, options=107) at manager.c:432 ret = 134551212 optnode = (struct optnode *) 0x804bd67 argument = 0x40473000 "ÐÏ\021ࡱ\032á\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0>\\0\003\\0þÿ\t\\0\006\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\002\\0\\0\\0d\\0\\0\\0\\0\\0\\0\\0\\0\020\\0\\0}\\0\\0\\0\001\\0\\0\\0þÿÿÿ\\0\\0\\0\\0e\\0\\0\\0\200\\0\\0\\0", 'ÿ' <repeats 57 times>... sb = {st_dev = 776, __pad1 = 0, st_ino = 495115, st_mode = 33188, st_nlink = 1, st_uid = 1000, st_gid = 1000, st_rdev = 0, __pad2 = 0, st_size = 154737, st_blksize = 4096, st_blocks = 312, st_atim = { tv_sec = 1113726621, tv_nsec = 0}, st_mtim = {tv_sec = 1113726465, tv_nsec = 0}, st_ctim = {tv_sec = 1113726465, tv_nsec = 0}, __unused4 = 0, __unused5 = 0} #10 0x0804c5d0 in scanmanager (opt=0x8052798) at manager.c:259 slash = 140431496 thefilename = 0x85ed088 "temp/badmail" ret = 33188 compression = 0 fmodeint = 33188 options = 107 i = 1078407168 x = 0 ---Type <return> to continue, or q <return> to quit--- trie = (struct cl_node *) 0x8052970 limits = (struct cl_limits *) 0x85e7a68 user = (struct passwd *) 0x0 sb = {st_dev = 2, __pad1 = 0, st_ino = 1, st_mode = 16749, st_nlink = 120, st_uid = 0, st_gid = 0, st_rdev = 0, __pad2 = 0, st_size = 0, st_blksize = 1024, st_blocks = 0, st_atim = { tv_sec = 1113723044, tv_nsec = 0}, st_mtim = {tv_sec = 1113723044, tv_nsec = 0}, st_ctim = {tv_sec = 1113723044, tv_nsec = 0}, __unused4 = 0, __unused5 = 0} fullpath = 0x85ed088 "temp/badmail" cwd = "[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@µØ\006\000`c,@[EMAIL PROTECTED]@[EMAIL PROTECTED],@[EMAIL PROTECTED]@[EMAIL PROTECTED],@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@ [EMAIL 
PROTECTED]@[EMAIL PROTECTED],@`D,@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@[EMAIL PROTECTED]@²\232«\a8Ë%@"... #11 0x0804b048 in clamscan (opt=0x8052798) at clamscan.c:148 ds = 0 dms = 134555560 ret = 0 mb = 0 t1 = {tv_sec = 1113742518, tv_usec = 843735} t2 = {tv_sec = 268, tv_usec = -1073742908} tz = {tz_minuteswest = -120, tz_dsttime = 0} starttime = 1113742518 #12 0x0804b888 in main (argc=2, argv=0xbffffbc4) at options.c:177 ret = -1073742614 opt_index = 0 i = 2 len = -1073742614 ---Type <return> to continue, or q <return> to quit--- opt = (struct optstruct *) 0x8052798 long_options = {{name = 0x80512f8 "help", has_arg = 0, flag = 0x0, val = 104}, {name = 0x804ff38 "quiet", has_arg = 0, flag = 0x0, val = 0}, { name = 0x804ff3e "stdout", has_arg = 0, flag = 0x0, val = 0}, { name = 0x8051349 "verbose", has_arg = 0, flag = 0x0, val = 118}, { name = 0x804ff45 "debug", has_arg = 0, flag = 0x0, val = 0}, { name = 0x80512fd "version", has_arg = 0, flag = 0x0, val = 86}, { name = 0x804ff50 "tempdir", has_arg = 1, flag = 0x0, val = 0}, { name = 0x804ff58 "leave-temps", has_arg = 0, flag = 0x0, val = 0}, { name = 0x805130c "config-file", has_arg = 1, flag = 0x0, val = 0}, { name = 0x8051318 "database", has_arg = 1, flag = 0x0, val = 100}, { name = 0x8051321 "whole-file", has_arg = 0, flag = 0x0, val = 119}, { name = 0x805132c "force", has_arg = 0, flag = 0x0, val = 0}, { name = 0x8051332 "recursive", has_arg = 0, flag = 0x0, val = 114}, { name = 0x804ff4b "bell", has_arg = 0, flag = 0x0, val = 0}, { name = 0x804ff98 "disable-summary", has_arg = 0, flag = 0x0, val = 0}, { name = 0x804ffa8 "no-summary", has_arg = 0, flag = 0x0, val = 0}, { name = 0x805133c "infected", has_arg = 0, flag = 0x0, val = 105}, { name = 0x804f60d "log", has_arg = 1, flag = 0x0, val = 108}, { name = 0x8051345 "log-verbose", has_arg = 0, flag = 0x0, val = 0}, { name = 0x8051351 "threads", has_arg = 1, flag = 0x0, val = 0}, { name = 0x8051359 "one-virus", has_arg = 0, flag = 0x0, val = 
0}, { name = 0x8051307 "move", has_arg = 1, flag = 0x0, val = 0}, { name = 0x8051305 "remove", has_arg = 0, flag = 0x0, val = 0}, { name = 0x8051363 "exclude", has_arg = 1, flag = 0x0, val = 0}, { name = 0x805136b "exclude-dir", has_arg = 1, flag = 0x0, val = 0}, { name = 0x8051377 "include", has_arg = 1, flag = 0x0, val = 0}, { name = 0x805137f "include-dir", has_arg = 1, flag = 0x0, val = 0}, { name = 0x804ff6e "max-files", has_arg = 1, flag = 0x0, val = 0}, { ---Type <return> to continue, or q <return> to quit--- name = 0x804ff64 "max-space", has_arg = 1, flag = 0x0, val = 0}, { name = 0x805138b "max-ratio", has_arg = 1, flag = 0x0, val = 0}, { name = 0x804ff78 "max-recursion", has_arg = 1, flag = 0x0, val = 0}, { name = 0x8051395 "max-dir-recursion", has_arg = 1, flag = 0x0, val = 0}, { name = 0x80513a7 "disable-archive", has_arg = 0, flag = 0x0, val = 0}, { name = 0x80513b7 "no-archive", has_arg = 0, flag = 0x0, val = 0}, { name = 0x80513c2 "detect-broken", has_arg = 0, flag = 0x0, val = 0}, { name = 0x80513d0 "block-encrypted", has_arg = 0, flag = 0x0, val = 0}, { name = 0x80513e0 "block-max", has_arg = 0, flag = 0x0, val = 0}, { name = 0x80513ea "no-pe", has_arg = 0, flag = 0x0, val = 0}, { name = 0x80513f0 "no-ole2", has_arg = 0, flag = 0x0, val = 0}, { name = 0x80513f8 "no-html", has_arg = 0, flag = 0x0, val = 0}, { name = 0x8051400 "mbox", has_arg = 0, flag = 0x0, val = 109}, { name = 0x8051405 "no-mail", has_arg = 0, flag = 0x0, val = 0}, { name = 0x805140d "mail-follow-urls", has_arg = 0, flag = 0x0, val = 0}, { name = 0x805141e "unzip", has_arg = 2, flag = 0x0, val = 0}, { name = 0x8051424 "unrar", has_arg = 2, flag = 0x0, val = 0}, { name = 0x805142a "unace", has_arg = 2, flag = 0x0, val = 0}, { name = 0x8051430 "unarj", has_arg = 2, flag = 0x0, val = 0}, { name = 0x805169e "arj", has_arg = 2, flag = 0x0, val = 0}, { name = 0x80516a3 "zoo", has_arg = 2, flag = 0x0, val = 0}, { name = 0x8051436 "unzoo", has_arg = 2, flag = 0x0, val = 0}, { name = 
0x805143c "lha", has_arg = 2, flag = 0x0, val = 0}, { name = 0x80516a8 "jar", has_arg = 2, flag = 0x0, val = 0}, { name = 0x80516b2 "tar", has_arg = 2, flag = 0x0, val = 0}, { name = 0x80516c4 "tgz", has_arg = 2, flag = 0x0, val = 0}, { name = 0x80516b7 "deb", has_arg = 2, flag = 0x0, val = 0}, {name = 0x0, has_arg = 0, flag = 0x0, val = 0}} (gdb) Michael Below