Cisco-Talos
diff --git a/.github/workflows/clang-format.yml b/.github/workflows/clang-format.yml
@@ -56,9 +56,9 @@ jobs:
           - check: "win32/compat"
             exclude: ""
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Run clang-format style check for C/C++ programs.
-        uses: jidicula/clang-format-action@v4.4.1
+        uses: jidicula/clang-format-action@v4.13.0
         with:
           clang-format-version: "16"
           check-path: ${{ matrix.path['check'] }}

diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
@@ -29,17 +29,17 @@ jobs:
         run: rm /usr/bin/link.exe
         shell: bash
 
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
 
       - name: Install Build Tools
-        uses: crazy-max/ghaction-chocolatey@v1
+        uses: crazy-max/ghaction-chocolatey@v3
         with:
           args: install wixtoolset
 
       - name: Install pytest for easier to read test results
         run: python3 -m pip install pytest
 
-      - uses: lukka/get-cmake@v3.21.2
+      - uses: lukka/get-cmake@v3.30.0
 
       # Restore from cache the previously built ports. If cache-miss, download, build vcpkg ports.
       - name: Restore vcpkg ports from cache or install vcpkg
@@ -91,7 +91,7 @@ jobs:
     runs-on: macos-latest
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
 
       - name: Install Build Tools
         run: brew install bison flex pipx
@@ -102,7 +102,7 @@ jobs:
       - name: Install pytest for easier to read test results
         run: pipx install pytest
 
-      - uses: lukka/get-cmake@v3.21.2
+      - uses: lukka/get-cmake@v3.30.0
 
       - name: Create Build Directory
         shell: bash
@@ -142,7 +142,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v4
 
       - name: Update package listings
         run: sudo apt-get update
@@ -156,7 +156,7 @@ jobs:
       - name: Install pytest for easier to read test results
         run: pipx install pytest
 
-      - uses: lukka/get-cmake@v3.21.2
+      - uses: lukka/get-cmake@v3.30.0
 
       - name: Create Build Directory
         shell: bash

diff --git a/clamonacc/inotif/inotif.c b/clamonacc/inotif/inotif.c
@@ -154,7 +154,7 @@ int onas_ddd_init(uint64_t nwatches, size_t ht_size)
     if (ret < 0) return CL_EREAD;
 
     tmp = strtol(nwatch_str, &p, 10);
-    if (tmp < 0 || tmp == LONG_MAX){
+    if (tmp < 0 || tmp == LONG_MAX) {
         /*Seems like a sane value (also the value on my ubuntu system)*/
         nwatches = 0x10000;
     } else {

diff --git a/cmake/FindRust.cmake b/cmake/FindRust.cmake
@@ -430,6 +430,8 @@ foreach(LINE ${LINE_LIST})
     string(REPLACE "native-static-libs: " "" LINE "${LINE}")
     string(REGEX REPLACE "  " "" LINE "${LINE}")
     string(REGEX REPLACE " " ";" LINE "${LINE}")
+    # remove linker flags
+    list(FILTER LINE EXCLUDE REGEX "/.*")
 
     if(LINE)
         message(STATUS "Rust's native static libs: ${LINE}")

diff --git a/libclamav/special.c b/libclamav/special.c
@@ -48,7 +48,8 @@
 
 int cli_check_mydoom_log(cli_ctx *ctx)
 {
-    const uint32_t *record;
+    uint32_t record[16];
+    const uint32_t *ptr;
     uint32_t check, key;
     fmap_t *map         = ctx->fmap;
     unsigned int blocks = map->len / (8 * 4);
@@ -59,14 +60,24 @@ int cli_check_mydoom_log(cli_ctx *ctx)
     if (blocks > 5)
         blocks = 5;
 
-    record = fmap_need_off_once(map, 0, 8 * 4 * blocks);
-    if (!record)
+    /*
+     * The following pointer might not be properly aligned. There there is
+     * memcmp() + memcpy() workaround to avoid performing an unaligned access
+     * while reading the uint32_t.
+     */
+    ptr = fmap_need_off_once(map, 0, 8 * 4 * blocks);
+    if (!ptr)
         return CL_CLEAN;
+
     while (blocks) { /* This wasn't probably intended but that's what the current code does anyway */
-        if (record[--blocks] == 0xffffffff)
+        const uint32_t marker_ff = 0xffffffff;
+
+	if (!memcmp(&ptr[--blocks], &marker_ff, sizeof(uint32_t)))
             return CL_CLEAN;
     }
 
+    memcpy(record, ptr, sizeof(record));
+
     key   = ~be32_to_host(record[0]);
     check = (be32_to_host(record[1]) ^ key) +
             (be32_to_host(record[2]) ^ key) +

diff --git a/libclamav_rust/src/alz.rs b/libclamav_rust/src/alz.rs
@@ -358,7 +358,9 @@ impl AlzLocalFileHeader {
             data: buffer.to_vec(),
         };
 
-        files.push(extracted_file);
+        if 0 != extracted_file.data.len() {
+            files.push(extracted_file);
+        }
     }
 
     fn extract_file_nocomp(

diff --git a/libclamav_rust/src/scanners.rs b/libclamav_rust/src/scanners.rs
@@ -49,8 +49,12 @@ pub fn magic_scan(ctx: *mut cli_ctx, buf: &[u8], name: Option<String>) -> cl_err
     let ptr = buf.as_ptr();
     let len = buf.len();
 
+    if 0 == len {
+        return cl_error_t_CL_SUCCESS;
+    }
+
     match &name {
-        Some(name) => debug!("Scanning {}-byte file named {}.", len, name),
+        Some(name) => debug!("Scanning {}-byte file named {:?}.", len, name),
         None => debug!("Scanning {}-byte unnamed file.", len),
     }
 
@@ -70,13 +74,14 @@ pub fn magic_scan(ctx: *mut cli_ctx, buf: &[u8], name: Option<String>) -> cl_err
     };
 
     let ret = unsafe { cli_magic_scan_buff(ptr as *const c_void, len, ctx, name_ptr, 0) };
-
     if ret != cl_error_t_CL_SUCCESS {
         debug!("cli_magic_scan_buff returned error: {}", ret);
     }
 
     // Okay now safe to drop the name CString.
-    let _ = unsafe { CString::from_raw(name_ptr) };
+    if !name_ptr.is_null() {
+        let _ = unsafe { CString::from_raw(name_ptr) };
+    }
 
     ret
 }