summaryrefslogtreecommitdiff
path: root/app-antivirus/clamav
diff options
context:
space:
mode:
Diffstat (limited to 'app-antivirus/clamav')
-rw-r--r--app-antivirus/clamav/Manifest2
-rw-r--r--app-antivirus/clamav/clamav-0.99.3-r2.ebuild160
-rw-r--r--app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch186
3 files changed, 348 insertions, 0 deletions
diff --git a/app-antivirus/clamav/Manifest b/app-antivirus/clamav/Manifest
index 5b70b148e124..ab808f61244e 100644
--- a/app-antivirus/clamav/Manifest
+++ b/app-antivirus/clamav/Manifest
@@ -3,6 +3,7 @@ AUX clamav-0.99.2-bytecode_api.patch 1531 BLAKE2B 50a70cf6e6cf206ec5e427e3b724c2
AUX clamav-0.99.2-gcc-6.patch 4476 BLAKE2B 9ef285f83665cb9cd41f1fe94a64805fc6413c66909be2ae93efb9e342beda0fbd7db81691506c8aa1cbf9bde4e0e74efbdadc0ba2e459479ada35266638ad7e SHA512 b30ed8b888af3697294c1a2aa96a335b3b1035f4f76e3bcf6c243dca7bdc5921a9bb182fbfd5e0e7f1bb9dce93b2312927e28f78edae466d31200a2be50f3a85
AUX clamav-0.99.2-pcre2-compile-erroffset.patch 540 BLAKE2B 77ad84cedb05329024226fffed554fce3005a678471117c9a9db54221d6d7458e6318b5b150c70e7f64cf16ad47d2093e40a67de0e9af024eb9bf6ed73b6c9f3 SHA512 6f2dd207accbc409c7e7155e3c04cf50255d4b6683ada24a559c23375ec4fa333f93118a25c8275cd8d6be7f950200c3730fd8174cc4a0450fe2160f2b86b536
AUX clamav-0.99.2-tinfo.patch 656 BLAKE2B be926db8e63458f0ef9d6d5b6f26058c2100881997cd97b03cf2f893f0d0ef2b18ebc25e1f38f2a1df5aef3a7f647eb1cec66c0cc173175976048ca5ad57e782 SHA512 33e375e8f4e74f284e9d14adaa8ef095bdb67b2f62e4b7c5e9c38a3c5f955106173e402859fabf44ada40ae08cceb3fca79322f8854f47d850816064641f4451
+AUX clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch 7631 BLAKE2B eb5ecde76d6cf748d3877ff18489c6b544b57a4a44375f3679d3ff8d45b99879af12840100e0eafc8461833eb6bb40ae4b26bf745cb28be9431b21a8ee5143c1 SHA512 11a4d299d719e43f22e7065d91785d4782d95ba0a167d43480b2409cbdd6ba3ba5c8552cee72c65a7bff0943fc24ac58cf6acc79ae364a7c42a8ab1a1fa6ebaf
AUX clamav-0.99.3-fix-fd-leaks-in-cli_scanscript.patch 3554 BLAKE2B 36ce8580da5abc310caa29ae87478b811f2db9403cb79b01efb9394b3d19ced2be3dbf66a1ad2ea06c660156a03879ba3dbca4329569e349d7a70c12f034d237 SHA512 e0dfecff8adb1e30f4c7a20271fd8731ebbb20449a532d70977f7491d8539fc8ed74f851f6903f6265a2e660f9471341e68cc0651e5f94356179ff1f328ada0c
AUX clamav-milter.README.gentoo 1124 BLAKE2B 41713f9ddd22b39748e812a03d5746d48b44f0506bd6e46886fd64233aedad0a7c4b2f8f7a3b0b1d14f831521c423ed5909eb9d9bc419540684fba065c3b9927 SHA512 1c6160e48eddd28f83ec5f24757f788781cef55789d1934dfccc12c7c5e5635a226d26b0983cab7344c142f5a2f1db172640b1d0e6c840a6fa83abed9be1211a
AUX clamav-milter.service 284 BLAKE2B 7fbdce10ffa1d85aa671616f17ad45683177916269b434283582ecb53000f7a9a8978119e6a8170ddad8f7c0f14f09398fd7b893aad5d718083b002f6371ff21 SHA512 442148ac3c42ecbb893de5c6edde337b72a745d20f6c5ffa33131f9a0b2daadcffac39b686ada986a5ab500ea7b9153c448abc1b819e15fef488da1812bb0cee
@@ -20,4 +21,5 @@ DIST clamav-0.99.3.tar.gz 16082645 BLAKE2B 3be06e563f17a07e4c7e95eb3efbb61e80858
EBUILD clamav-0.99.2-r1.ebuild 5125 BLAKE2B 330ee8e4625368933a519481a204839153e6a08cf1480f0622a2632d470f9b44cda9a4f68919f356c5a8b95b81b87912e1c64d3b6e3c66fa9e1b122b2863b06e SHA512 96b2ff17e272cef6a23bfa4357b7a84a509a6e6e105439e70cc8db99b75a61a5732f7257cf494a19d48998c4d84c2d19213d48bf6104cf372eb77c41c5506908
EBUILD clamav-0.99.2-r3.ebuild 5182 BLAKE2B d635013b30e5ec0ea2ec7a9329d1534595bbbb51b0bd79c3d1e0e545993223dfc384cc28bf907f478f8ae354b8b3543df1c2f8bafd4a89d01d3fa5c6bbdd4099 SHA512 754c23b5f2dd0d664f79ad07d0dbf1944a58418f36c9d2e01f8fbf88eb6f883bf825cd16a43ca3916417a3dc4e0de8dda49f345a002e74f2caaa1b1e1da3fd97
EBUILD clamav-0.99.3-r1.ebuild 5239 BLAKE2B 04bff202062f8f5fc9742ea74b38d92f42d20ce4cc1d1d4255471b80c6ec40eb9cda44e9347635a71cc45fde24f8d37bd8e9a2f9397cb50d72e964fdfaee7bc1 SHA512 e8daeafad7479fb4853610cfb4006648e5be5d421404de979a9bc499151b9c57a14721b5fcc4b8568d4064befc06f227fafe7f283928943b6008ddac064fd8bd
+EBUILD clamav-0.99.3-r2.ebuild 5307 BLAKE2B 5d2378bd17e3664734df0ca1ab1cdfdc1e10b2bc5281dfdd7b05f2ac04a061874dbf8a55a075d223e7c8558c2fd02a1cb3871bc884bae97d5d26c615929c7be8 SHA512 da82fc72230d0f61fb69f69073217716e727e73f761f04fad229f81112f3f17e17ffdc040bf094cb8c0150e6d841daf9f36a3f1b9560c4d8172dc5f6a977d449
MISC metadata.xml 740 BLAKE2B 2cc1cd27896d7a032b476bbbe6a1b176c95657de5267cc77f6fc1ce1758603d9cf0caa0f3a614bc4a366695a089833474c30afc607ba1dee2caaff1dfc9e6c48 SHA512 baff0fa3285a5bfd17b408dc88ad573df07ec4de5e2827d352465347c5ebceb466172c4f369dac5680c927cad3a887a60721358e43b26e8cd7eaf3cebcaba832
diff --git a/app-antivirus/clamav/clamav-0.99.3-r2.ebuild b/app-antivirus/clamav/clamav-0.99.3-r2.ebuild
new file mode 100644
index 000000000000..f0977dc5f0ff
--- /dev/null
+++ b/app-antivirus/clamav/clamav-0.99.3-r2.ebuild
@@ -0,0 +1,160 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools eutils flag-o-matic user systemd
+
+DESCRIPTION="Clam Anti-Virus Scanner"
+HOMEPAGE="http://www.clamav.net/"
+SRC_URI="https://www.clamav.net/downloads/production/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~sparc-solaris ~x86-solaris"
+IUSE="bzip2 clamdtop iconv ipv6 libressl milter metadata-analysis-api selinux static-libs uclibc"
+
+CDEPEND="bzip2? ( app-arch/bzip2 )
+ clamdtop? ( sys-libs/ncurses:0 )
+ iconv? ( virtual/libiconv )
+ metadata-analysis-api? ( dev-libs/json-c:= )
+ milter? ( || ( mail-filter/libmilter mail-mta/sendmail ) )
+ dev-libs/libtommath
+ >=sys-libs/zlib-1.2.2:=
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ sys-devel/libtool
+ || ( dev-libs/libpcre2 >dev-libs/libpcre-6 )
+ !!<app-antivirus/clamav-0.99"
+# hard block clamav < 0.99 due to linking problems Bug #567680
+# openssl is now *required* see this link as to why
+# http://blog.clamav.net/2014/02/introducing-openssl-as-dependency-to.html
+DEPEND="${CDEPEND}
+ virtual/pkgconfig"
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-clamav )"
+
+DOCS=( AUTHORS BUGS ChangeLog FAQ INSTALL NEWS README UPGRADE )
+PATCHES=(
+ "${FILESDIR}"/${PN}-0.99.2-gcc-6.patch
+ "${FILESDIR}"/${PN}-0.99.2-tinfo.patch
+ "${FILESDIR}"/${PN}-0.99.2-bytecode_api.patch
+ "${FILESDIR}"/${PN}-0.99.2-pcre2-compile-erroffset.patch
+ "${FILESDIR}"/${PN}-0.99.3-fix-fd-leaks-in-cli_scanscript.patch
+ "${FILESDIR}"/${PN}-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
+)
+
+pkg_setup() {
+ enewgroup clamav
+ enewuser clamav -1 -1 /dev/null clamav
+}
+
+src_prepare() {
+ default
+
+ eautoconf
+}
+
+src_configure() {
+ use ppc64 && append-flags -mminimal-toc
+ use uclibc && export ac_cv_type_error_t=yes
+
+ econf \
+ $(use_enable bzip2) \
+ $(use_enable clamdtop) \
+ $(use_enable ipv6) \
+ $(use_enable milter) \
+ $(use_enable static-libs static) \
+ $(use_with iconv) \
+ $(use_with metadata-analysis-api libjson /usr) \
+ --cache-file="${S}"/config.cache \
+ --disable-experimental \
+ --disable-gcc-vcheck \
+ --disable-zlib-vcheck \
+ --enable-id-check \
+ --with-dbdir="${EPREFIX}"/var/lib/clamav \
+ --with-system-tommath \
+ --with-zlib="${EPREFIX}"/usr
+}
+
+src_install() {
+ default
+
+ rm -rf "${ED}"/var/lib/clamav
+ newinitd "${FILESDIR}"/clamd.initd-r6 clamd
+ newconfd "${FILESDIR}"/clamd.conf-r1 clamd
+
+ systemd_dotmpfilesd "${FILESDIR}/tmpfiles.d/clamav.conf"
+ systemd_newunit "${FILESDIR}/clamd_at.service" "clamd@.service"
+ systemd_dounit "${FILESDIR}/clamd.service"
+ systemd_dounit "${FILESDIR}/freshclamd.service"
+
+ keepdir /var/lib/clamav
+ fowners clamav:clamav /var/lib/clamav
+ keepdir /var/log/clamav
+ fowners clamav:clamav /var/log/clamav
+
+ dodir /etc/logrotate.d
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/clamav.logrotate clamav
+
+ # Modify /etc/{clamd,freshclam}.conf to be usable out of the box
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.pid:" \
+ -e "s:.*\(LocalSocket\) .*:\1 ${EPREFIX}/var/run/clamav/clamd.sock:" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamd.log:" \
+ -e "s:^\#\(LogTime\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/clamd.conf.sample || die
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/freshclam.pid:" \
+ -e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+ -e "s:^\#\(UpdateLogFile\) .*:\1 ${EPREFIX}/var/log/clamav/freshclam.log:" \
+ -e "s:^\#\(NotifyClamd\).*:\1 ${EPREFIX}/etc/clamd.conf:" \
+ -e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ "${ED}"/etc/freshclam.conf.sample || die
+
+ if use milter ; then
+ # MilterSocket one to include ' /' because there is a 2nd line for
+ # inet: which we want to leave
+ dodoc "${FILESDIR}"/clamav-milter.README.gentoo
+ sed -i -e "s:^\(Example\):\# \1:" \
+ -e "s:.*\(PidFile\) .*:\1 ${EPREFIX}/var/run/clamav/clamav-milter.pid:" \
+ -e "s+^\#\(ClamdSocket\) .*+\1 unix:${EPREFIX}/var/run/clamav/clamd.sock+" \
+ -e "s:.*\(User\) .*:\1 clamav:" \
+ -e "s+^\#\(MilterSocket\) /.*+\1 unix:${EPREFIX}/var/run/clamav/clamav-milter.sock+" \
+ -e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+ -e "s:^\#\(LogFile\) .*:\1 ${EPREFIX}/var/log/clamav/clamav-milter.log:" \
+ "${ED}"/etc/clamav-milter.conf.sample || die
+ cat >> "${ED}"/etc/conf.d/clamd <<-EOF
+ MILTER_NICELEVEL=19
+ START_MILTER=no
+ EOF
+
+ systemd_newunit "${FILESDIR}/clamav-milter.service-r1" clamav-milter.service
+ fi
+
+ for i in clamd freshclam clamav-milter
+ do
+ [[ -f "${D}"/etc/"${i}".conf.sample ]] && mv "${D}"/etc/"${i}".conf{.sample,}
+ done
+
+ prune_libtool_files --all
+}
+
+src_test() {
+ emake quick-check
+}
+
+pkg_postinst() {
+ if use milter ; then
+ elog "For simple instructions how to setup the clamav-milter read the"
+ elog "clamav-milter.README.gentoo in /usr/share/doc/${PF}"
+ fi
+ if test -z $(find "${ROOT}"var/lib/clamav -maxdepth 1 -name 'main.c*' -print -quit) ; then
+ ewarn "You must run freshclam manually to populate the virus database files"
+ ewarn "before starting clamav for the first time.\n"
+ fi
+}
diff --git a/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
new file mode 100644
index 000000000000..90facf6eae06
--- /dev/null
+++ b/app-antivirus/clamav/files/clamav-0.99.3-VMSF_DELTA-fix-CVE-2012-6706.patch
@@ -0,0 +1,186 @@
+Apply proposed changes to fix RAR VMSF_DELTA Filter Signedness error (CVE-2012-6706)
+
+Cherry picked from commit a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805 [Link 1] and
+d4699442bce76574573dc564e7f2177d679b88bd [Link 2].
+
+Link 1: https://github.com/Cisco-Talos/clamav-devel/commit/a7d8447bd9a4d5ae1fa970c1849c8caeb5f1a805
+Link 2: https://github.com/Cisco-Talos/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
+
+--- a/libclamunrar/unrarvm.c
++++ b/libclamunrar/unrarvm.c
+@@ -213,17 +213,20 @@ void rarvm_addbits(rarvm_input_t *rarvm_input, int bits)
+
+ unsigned int rarvm_getbits(rarvm_input_t *rarvm_input)
+ {
+- unsigned int bit_field;
++ unsigned int bit_field = 0;
+
+- if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
++ if (rarvm_input->in_addr < rarvm_input->buf_size) {
+ bit_field = (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr] << 16;
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
+- bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
+- bit_field >>= (8-rarvm_input->in_bit);
+-
+- return (bit_field & 0xffff);
++ if (rarvm_input->in_addr+1 < rarvm_input->buf_size) {
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+1] << 8;
++ if (rarvm_input->in_addr+2 < rarvm_input->buf_size) {
++ bit_field |= (unsigned int) rarvm_input->in_buf[rarvm_input->in_addr+2];
++ }
++ }
+ }
+- return 0;
++ bit_field >>= (8-rarvm_input->in_bit);
++
++ return (bit_field & 0xffff);
+ }
+
+ unsigned int rarvm_read_data(rarvm_input_t *rarvm_input)
+@@ -311,10 +314,10 @@ static unsigned int *rarvm_get_operand(rarvm_data_t *rarvm_data,
+ }
+ }
+
+-static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int bit_count)
++static unsigned int filter_itanium_getbits(unsigned char *data, unsigned int bit_pos, unsigned int bit_count)
+ {
+- int in_addr=bit_pos/8;
+- int in_bit=bit_pos&7;
++ unsigned int in_addr=bit_pos/8;
++ unsigned int in_bit=bit_pos&7;
+ unsigned int bit_field=(unsigned int)data[in_addr++];
+ bit_field|=(unsigned int)data[in_addr++] << 8;
+ bit_field|=(unsigned int)data[in_addr++] << 16;
+@@ -323,10 +326,10 @@ static unsigned int filter_itanium_getbits(unsigned char *data, int bit_pos, int
+ return(bit_field & (0xffffffff>>(32-bit_count)));
+ }
+
+-static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, int bit_pos, int bit_count)
++static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field, unsigned int bit_pos, unsigned int bit_count)
+ {
+- int i, in_addr=bit_pos/8;
+- int in_bit=bit_pos&7;
++ unsigned int i, in_addr=bit_pos/8;
++ unsigned int in_bit=bit_pos&7;
+ unsigned int and_mask=0xffffffff>>(32-bit_count);
+ and_mask=~(and_mask<<in_bit);
+
+@@ -343,11 +346,12 @@ static void filter_itanium_setbits(unsigned char *data, unsigned int bit_field,
+ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_filters_t filter_type)
+ {
+ unsigned char *data, cmp_byte2, cur_byte, *src_data, *dest_data;
+- int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
+- int op_type, cur_channel, byte_count, start_pos, pa, pb, pc;
++ unsigned int i, j, data_size, channels, src_pos, dest_pos, border, width, PosR;
++ unsigned int op_type, cur_channel, byte_count, start_pos;
++ int pa, pb, pc;
+ unsigned int file_offset, cur_pos, predicted;
+- int32_t offset, addr;
+- const int file_size=0x1000000;
++ uint32_t offset, addr;
++ const unsigned int file_size=0x1000000;
+
+ switch(filter_type) {
+ case VMSF_E8:
+@@ -356,7 +360,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ data_size = rarvm_data->R[4];
+ file_offset = rarvm_data->R[6];
+
+- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 4)) {
++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 4)) {
+ break;
+ }
+
+@@ -367,12 +371,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ if (cur_byte==0xe8 || cur_byte==cmp_byte2) {
+ offset = cur_pos+file_offset;
+ addr = GET_VALUE(FALSE, data);
+- if (addr < 0) {
+- if (addr+offset >=0 ) {
++ // We check 0x80000000 bit instead of '< 0' comparison
++ // not assuming int32 presence or uint size and endianness.
++ if ((addr & 0x80000000)!=0) { // addr<0
++ if (((addr+offset) & 0x80000000)==0) { // addr+offset>=0
+ SET_VALUE(FALSE, data, addr+file_size);
+ }
+ } else {
+- if (addr<file_size) {
++ if (((addr-file_size) & 0x80000000)!=0) { // addr<file_size
+ SET_VALUE(FALSE, data, addr-offset);
+ }
+ }
+@@ -386,7 +392,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ data_size = rarvm_data->R[4];
+ file_offset = rarvm_data->R[6];
+
+- if (((unsigned int)data_size >= VM_GLOBALMEMADDR) || (data_size < 21)) {
++ if ((data_size > VM_GLOBALMEMADDR) || (data_size < 21)) {
+ break;
+ }
+
+@@ -429,7 +435,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ border = data_size*2;
+
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 1024 || channels == 0) {
+ break;
+ }
+ for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
+@@ -440,7 +446,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ }
+ break;
+ case VMSF_RGB: {
+- const int channels=3;
++ const unsigned int channels=3;
+ data_size = rarvm_data->R[4];
+ width = rarvm_data->R[0] - 3;
+ PosR = rarvm_data->R[1];
+@@ -448,15 +454,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ dest_data = src_data + data_size;
+
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ if (data_size > VM_GLOBALMEMADDR/2 || data_size < 3 || width > data_size || PosR > 2) {
+ break;
+ }
+ for (cur_channel=0 ; cur_channel < channels; cur_channel++) {
+ unsigned int prev_byte = 0;
+ for (i=cur_channel ; i<data_size ; i+=channels) {
+- int upper_pos=i-width;
+- if (upper_pos >= 3) {
+- unsigned char *upper_data = dest_data+upper_pos;
++ if (i >= width+3) {
++ unsigned char *upper_data = dest_data+i-width;
+ unsigned int upper_byte = *upper_data;
+ unsigned int upper_left_byte = *(upper_data-3);
+ predicted = prev_byte+upper_byte-upper_left_byte;
+@@ -486,13 +491,14 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ break;
+ }
+ case VMSF_AUDIO: {
+- int channels=rarvm_data->R[0];
++ unsigned int channels=rarvm_data->R[0];
+ data_size = rarvm_data->R[4];
+ src_data = rarvm_data->mem;
+ dest_data = src_data + data_size;
+
+ SET_VALUE(FALSE, &rarvm_data->mem[VM_GLOBALMEMADDR+0x20], data_size);
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ // In fact, audio channels never exceed 4.
++ if (data_size > VM_GLOBALMEMADDR/2 || channels > 128 || channels == 0) {
+ break;
+ }
+ for (cur_channel=0 ; cur_channel < channels ; cur_channel++) {
+@@ -553,7 +559,7 @@ static void execute_standard_filter(rarvm_data_t *rarvm_data, rarvm_standard_fil
+ data_size = rarvm_data->R[4];
+ src_pos = 0;
+ dest_pos = data_size;
+- if ((unsigned int)data_size >= VM_GLOBALMEMADDR/2) {
++ if (data_size > VM_GLOBALMEMADDR/2) {
+ break;
+ }
+ while (src_pos < data_size) {
+--
+2.16.2
+