From 47c82af7270eb3db9abc17b0838f0ae171e74784 Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@nwra.com>
Date: May 07 2020 05:25:19 +0000
Subject: Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning

  certain PDFs

---

diff --git a/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch b/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch
new file mode 100644
index 0000000..649e934
--- /dev/null
+++ b/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch
@@ -0,0 +1,89 @@
+From 0e865c4f0e5ea5c4879681d843a9b93fc871fd90 Mon Sep 17 00:00:00 2001
+From: "Micah Snyder (micasnyd)" <micasnyd@cisco.com>
+Date: Mon, 6 Apr 2020 15:03:20 -0700
+Subject: [PATCH] PDF: Fix error Attempt to allocate 0 bytes
+
+The PDF parser currently prints verbose error messages when attempting
+to shrink a buffer down to actual data length after decoding if it turns
+out that the decoded stream was empty (0 bytes).  With exception to the
+verbose error messages, there's no real behavior issue.
+
+This commit fixes the issue by checking if any bytes were decoded before
+attempting to shrink the buffer.
+---
+ libclamav/pdfdecode.c | 27 ++++++++++++++++++---------
+ 1 file changed, 18 insertions(+), 9 deletions(-)
+
+diff --git a/libclamav/pdfdecode.c b/libclamav/pdfdecode.c
+index 8315f3a761..d63f7b1cd4 100644
+--- a/libclamav/pdfdecode.c
++++ b/libclamav/pdfdecode.c
+@@ -638,8 +638,11 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
+     }
+ 
+     if (rc == CL_SUCCESS) {
+-        /* Shrink output buffer to final the decoded data length to minimize RAM usage */
+-        if (!(temp = cli_realloc(decoded, declen))) {
++        if (declen == 0) {
++            cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
++            rc = CL_BREAK;
++        } else if (!(temp = cli_realloc(decoded, declen))) {
++            /* Shrink output buffer to final the decoded data length to minimize RAM usage */
+             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
+             rc = CL_EMEM;
+         } else {
+@@ -647,7 +650,7 @@ static cl_error_t filter_rldecode(struct pdf_struct *pdf, struct pdf_obj *obj, s
+         }
+     }
+ 
+-    if (rc == CL_SUCCESS) {
++    if (rc == CL_SUCCESS || rc == CL_BREAK) {
+         free(token->content);
+ 
+         cli_dbgmsg("cli_pdf: decoded %lu bytes from %lu total bytes\n",
+@@ -817,8 +820,11 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
+     (void)inflateEnd(&stream);
+ 
+     if (rc == CL_SUCCESS) {
+-        /* Shrink output buffer to final the decoded data length to minimize RAM usage */
+-        if (!(temp = cli_realloc(decoded, declen))) {
++        if (declen == 0) {
++            cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
++            rc = CL_BREAK;
++        } else if (!(temp = cli_realloc(decoded, declen))) {
++            /* Shrink output buffer to final the decoded data length to minimize RAM usage */
+             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
+             rc = CL_EMEM;
+         } else {
+@@ -826,7 +832,7 @@ static cl_error_t filter_flatedecode(struct pdf_struct *pdf, struct pdf_obj *obj
+         }
+     }
+ 
+-    if (rc == CL_SUCCESS) {
++    if (rc == CL_SUCCESS || rc == CL_BREAK) {
+         free(token->content);
+ 
+         token->content = decoded;
+@@ -1099,8 +1105,11 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+     (void)lzwInflateEnd(&stream);
+ 
+     if (rc == CL_SUCCESS) {
+-        /* Shrink output buffer to final the decoded data length to minimize RAM usage */
+-        if (!(temp = cli_realloc(decoded, declen))) {
++        if (declen == 0) {
++            cli_dbgmsg("cli_pdf: empty stream after inflation completed.\n");
++            rc = CL_BREAK;
++        } else if (!(temp = cli_realloc(decoded, declen))) {
++            /* Shrink output buffer to final the decoded data length to minimize RAM usage */
+             cli_errmsg("cli_pdf: cannot reallocate memory for decoded output\n");
+             rc = CL_EMEM;
+         } else {
+@@ -1108,7 +1117,7 @@ static cl_error_t filter_lzwdecode(struct pdf_struct *pdf, struct pdf_obj *obj,
+         }
+     }
+ 
+-    if (rc == CL_SUCCESS) {
++    if (rc == CL_SUCCESS || rc == CL_BREAK) {
+         free(token->content);
+ 
+         token->content = decoded;
diff --git a/clamav.spec b/clamav.spec
index cdb8124..ea6574b 100644
--- a/clamav.spec
+++ b/clamav.spec
@@ -41,7 +41,7 @@
 Summary:    End-user tools for the Clam Antivirus scanner
 Name:       clamav
 Version:    0.102.2
-Release:    8%{?dist}
+Release:    9%{?dist}
 License:    %{?with_unrar:proprietary}%{!?with_unrar:GPLv2}
 URL:        https://www.clamav.net/
 %if %{with unrar}
@@ -91,6 +91,8 @@ Patch1:     clamav-default_confs.patch
 Patch2:     clamav-0.99-private.patch
 # Patch to use EL7 libcurl
 Patch3:     clamav-curl.patch
+# Upstream fix for "Attempt to allocate 0 bytes" while scanning PDFs
+Patch4:     https://github.com/Cisco-Talos/clamav-devel/commit/0e865c4f0e5ea5c4879681d843a9b93fc871fd90.patch
 
 BuildRequires:  autoconf automake gettext-devel libtool libtool-ltdl-devel
 BuildRequires:  gcc-c++
@@ -253,6 +255,7 @@ This package contains files which are needed to run the clamav-milter.
 %patch2 -p1 -b .private
 # Patch to use older libcurl
 %{?el7:%patch3 -p1 -b .curl}
+%patch4 -p1 -b .pdf
 
 install -p -m0644 %SOURCE300 clamav-milter/
 
@@ -615,6 +618,10 @@ fi
 
 
 %changelog
+* Sat May 02 2020 Orion Poplawski <orion@nwra.com> - 0.102.2-9
+- Add upstream patch to fix "Attempt to allocate 0 bytes" errors while scanning
+  certain PDFs
+
 * Thu Apr 30 2020 Orion Poplawski <orion@nwra.com> - 0.102.2-8
 - Enable prelude support (bz#1829726)