From f26df27298534ba7f6c7b38e527aac65f35ef487 Mon Sep 17 00:00:00 2001
From: "Victor M. Alvarez"
Date: Thu, 2 May 2024 12:05:10 +0200
Subject: [PATCH] fix: issues while parsing array type definitions in `dotnet` module. See: https://github.com/VirusTotal/yara/pull/2064
---
 lib/src/modules/dotnet/parser.rs | 27 +++--
 ...940e98d03e054ca2b88ef5a41f72b5787841b3.out | 2 +-
 .../dotnet/tests/testdata/types2.dll.in.zip | Bin 0 -> 1571 bytes
 .../dotnet/tests/testdata/types2.dll.out | 112 ++++++++++++++++++
 4 files changed, 131 insertions(+), 10 deletions(-)
 create mode 100644 lib/src/modules/dotnet/tests/testdata/types2.dll.in.zip
 create mode 100644 lib/src/modules/dotnet/tests/testdata/types2.dll.out
diff --git a/lib/src/modules/dotnet/parser.rs b/lib/src/modules/dotnet/parser.rs
index 24b53d932..7c25ed50e 100644
--- a/lib/src/modules/dotnet/parser.rs
+++ b/lib/src/modules/dotnet/parser.rs
@@ -1212,19 +1212,28 @@ impl<'a> Dotnet<'a> {
 write!(output, "[")?;
 for i in 0..dimensions {
- let size = sizes.get(i as usize).cloned().unwrap_or(0);
- if size > 0 {
- let l =
- lower_bounds.get(i as usize).cloned().unwrap_or(0);
- let h = l + (size as i32);
- if l == 0 {
+ let i = i as usize;
+ let size = sizes.get(i).cloned().map(|s| s as i32);
+ let lower_bound = lower_bounds.get(i).cloned();
+
+ match (lower_bound, size) {
+ (Some(0), Some(size)) => {
 write!(output, "{}", size)?;
- } else {
- write!(output, "{}...{}", l, h)?;
 }
+ (Some(l), Some(size)) if size >= 1 => {
+ write!(output, "{}...{}", l, l + size - 1)?;
+ }
+ (Some(l), None) => {
+ write!(output, "{}...", l)?;
+ }
+ (None, Some(size)) => {
+ write!(output, "{}", size)?;
+ }
+ _ => {}
 }
+
 // If not the last item, prepend a comma.
- if i + 1 != dimensions {
+ if i + 1 != dimensions as usize {
 write!(output, ",")?;
 }
 }
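Review bot: The upper bound `l + size - 1` in the `(Some(l), Some(size)) if size >= 1` arm is plain `i32` arithmetic on values read from the scanned file, and the `s as i32` cast above it wraps silently if an element of `sizes` exceeds `i32::MAX`. The element types of `sizes` and `lower_bounds` are declared outside the hunk, so whether the decoder already bounds them cannot be confirmed from here. If it does, a one-line comment stating the range would make that visible; if not, `sizes.get(i).and_then(|&s| i32::try_from(s).ok())` and `l.saturating_add(size - 1)` would keep a crafted signature from panicking in builds with overflow checks, or from printing a wrapped bound. The `_ => {}` arm also silently drops a non-zero lower bound when the size is 0, which deserves a comment if intended. The enclosing method starts and ends outside the hunk.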
diff --git a/lib/src/modules/dotnet/tests/testdata/88d0d0692e675cd5fafb57db4f940e98d03e054ca2b88ef5a41f72b5787841b3.out b/lib/src/modules/dotnet/tests/testdata/88d0d0692e675cd5fafb57db4f940e98d03e054ca2b88ef5a41f72b5787841b3.out index f31527011..3da3a7eaf 100644 --- a/lib/src/modules/dotnet/tests/testdata/88d0d0692e675cd5fafb57db4f940e98d03e054ca2b88ef5a41f72b5787841b3.out +++ b/lib/src/modules/dotnet/tests/testdata/88d0d0692e675cd5fafb57db4f940e98d03e054ca2b88ef5a41f72b5787841b3.out @@ -6402,7 +6402,7 @@ classes: - name: "stomizeService" type: "dLine.Definitions.solverDef" - name: "eField" - type: "erSerializer.Prototype[668,-55...-53,-64...-46,-55...54,1...30,7...35,-61...-54,1...11,-54...-52,9...27,534...1594,-63...-45,-55...54,11,-55...-34,-64...-46,-55...1013,1...4,,,]" + type: "erSerializer.Prototype[668,-55...-54,-64...-47,-55...53,1...29,7...34,-61...-55,1...10,-54...-53,9...26,534...1593,-63...-46,-55...53,11,-55...-35,-64...-47,-55...1012,1...3,4...,,]" - name: "wField" type: "byte" - name: "lComparator" 
diff --git a/lib/src/modules/dotnet/tests/testdata/types2.dll.in.zip b/lib/src/modules/dotnet/tests/testdata/types2.dll.in.zip new file mode 100644 index 0000000000000000000000000000000000000000..3f1a9656510eb47edbe407b3d7f12e514b311be8 GIT binary patch literal 1571 zcmb7Ec`(}v6#gM~w4zPxR!xsJ>IkE5>)48;k~-Q5Ypu3YM8y$xg^p;csH(wPvzK9DFNxSty6oF9R2 z5i1S=VBj?1AB=bPyP)FY>8Wzd8*K{)1Ujy$yV3V?Py+}@03HyiffoRwuJZt~sZI&A zio%goKEsnS5Z;yGO0|_R3qMdogaKQ_U(RZU47Cu*-hkF_bYjP}x2IRlT5L7yPVIgT z3j?K$R;bi=Zj~V&#Pa920#y$0sK!}#^VcfG6m>O=I!w~$6HkgS=)9)3`o>z#+_j%b zpvu9bF|k5xDwHY{GVbMdOKKaWtb<^pmc^HM>`1fMdVjCxjnqk{%-r^9h!p-FY?1b^ zT~_UUV@)33o#a9|&VEkk-0mRMd7}t2dkQ`#-n!z!PAb@|gtdvj$<|F zW$Dr4a(~j8kD{X?(_OoJSD(2ZI{#^QvB^3{R#IKd{^`uRHp@Peyt7-j8N%t5tTGh& znwT3nsleW)x#6C$Uacu>6yo<}O_{6ZrDX3AT6Z;d5dJpH=5>%XBej|XpF=lYRNvOc zDP}1c$mr)`BQhxGR!5P-xzoYs_>Dn@sJ2?JhYo7vG99kY*rD&h6NRHGO&sW_$c5w) zs{rSk_zX&@$2}LeRg8z=_Vfw)SLv)vq$D^Gwr4&y6m8Aw9uB8%L5x4b_O!Y&#uSub zqijQ)`BTOUZi1qk>VhmsB;Dprv{y*`XKIvGx_(#Bs$=6TS}xo#T^xM(FkPlsqv7$n z)`CKL<>5Cu72vI2nJ*#JhOIE_4CDD{QqXI@33gVavKY5nia*FCHYuFvp|;UZ28Ac& z6P(@2-**@-#|#FfMrtyv!cxwlpoQSD_r`E*{To|#*3wB@N=J!qtk}oJ+uT7gYdi?> zycRd_&YOg}56K!9ZY-?o8k+T_r<~zywk&aRv(=?~w8zXqXpy23s#jI>VA+Efj1yv_ zaNUKzvjv|?=D*x0pE;YoxP;I5d@DOk>WI4aY&keN98rTtoFBL8sqRN_VmkD!IivzL zHs69xX*R7LGpMWgUfSX4=_yWSM@j6tXrMpFg6+J5LbQ7@jv2)0_S{U?6fgcj7mjGh z)@D#(t;7kEbKfNdHk$i`Qd=I*+gIno_5&R(#*j>52gZYV(Y_kRDYqL0<v{ zMU@M306mj3F%eVx)U*1FkWhgX#EFVFrv gci`E7M((|X?teMB4e}8Gfrw{69rr73|0DqX4*W*-QUCw| literal 0 HcmV?d00001 diff --git a/lib/src/modules/dotnet/tests/testdata/types2.dll.out b/lib/src/modules/dotnet/tests/testdata/types2.dll.out new file mode 100644 index 000000000..6383207bb --- /dev/null +++ b/lib/src/modules/dotnet/tests/testdata/types2.dll.out 
@@ -0,0 +1,112 @@ +is_dotnet: true +module_name: "types2.dll" +version: "v4.0.30319" +number_of_streams: 5 +number_of_guids: 1 +number_of_resources: 0 +number_of_classes: 2 +number_of_assembly_refs: 0 +number_of_modulerefs: 0 +number_of_user_strings: 1 +number_of_constants: 0 +number_of_field_offsets: 0 +streams: + - name: "#~" + offset: 708 + size: 216 + - name: "#Strings" + offset: 924 + size: 100 + - name: "#US" + offset: 1024 + size: 8 + - name: "#GUID" + offset: 1032 + size: 16 + - name: "#Blob" + offset: 1048 + size: 172 +guids: + - "de63c758-8c65-4928-b244-b60ad6cdb2a0" +classes: + - fullname: "Cmk" + name: "Cmk" + visibility: "public" + type: "class" + abstract: false + sealed: false + number_of_base_types: 1 + number_of_generic_parameters: 0 + number_of_methods: 0 + base_types: + - "" + - fullname: "VolatileMethods" + name: "VolatileMethods" + visibility: "public" + type: "class" + abstract: false + sealed: false + number_of_base_types: 1 + number_of_generic_parameters: 0 + number_of_methods: 3 + base_types: + - "" + methods: + - name: "withCmod" + visibility: "public" + abstract: false + static: false + virtual: false + final: false + return_type: "void" + number_of_generic_parameters: 0 + number_of_parameters: 2 + parameters: + - name: "i" + type: "Ptr" + - name: "j" + type: "int" + - name: "withArrays" + visibility: "public" + abstract: false + static: false + virtual: false + final: false + return_type: "void" + number_of_generic_parameters: 0 + number_of_parameters: 7 + parameters: + - name: "a" + type: "int[3]" + - name: "b" + type: "uint[4,1...2,0,,,]" + - name: "c" + type: "short[1...2,6...8]" + - name: "d" + type: "ulong[5,3...5,,]" + - name: "e" + type: "byte[8...23,0,5,2...2,-5...8,3...4]" + - name: "f" + type: "sbyte[53...,-34...]" + - name: "g" + type: "ushort[1032...8388608,-1032...512,-8388608...-1032]" + - name: "compressionValues" + visibility: "public" + abstract: false + static: false + virtual: false + final: false + return_type: "void" 
+ number_of_generic_parameters: 0 + number_of_parameters: 4 + parameters: + - name: "a" + type: "sbyte[-65...,-64...,63...,64...]" + - name: "b" + type: "sbyte[-8193...,-8192...,8191...,8192...]" + - name: "c" + type: "sbyte[-268435456...,268435455...]" + - name: "d" + type: "sbyte[0,127,128,256,16383,16384,268435455]" +user_strings: + - " \x00" \ No newline at end of file