Skip to content

Commit

Permalink
Fix bug in yr_re_fast_exec causing assertion in `_yr_scan_match_cal…
Browse files Browse the repository at this point in the history
…lback`

When an arbitrary file is scanned with the rule below it triggers the assertion at https://github.com/VirusTotal/yara/blob/v4.3.1/libyara/scan.c#L670
```
rule test {
     strings:
       $a = { 31[-][8-][-]30 }
     condition: 
       $a 
}
```
  • Loading branch information
plusvic committed Jun 12, 2023
1 parent 2653732 commit bcc6312
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 2 deletions.
5 changes: 3 additions & 2 deletions libyara/re.c
Original file line number Diff line number Diff line change
Expand Up @@ -2291,10 +2291,11 @@ int yr_re_fast_exec(
break;

case RE_OPCODE_REPEAT_ANY_UNGREEDY:
if (bytes_matched >= max_bytes_matched)
repeat_any_args = (RE_REPEAT_ANY_ARGS*) (ip + 1);

if (bytes_matched + repeat_any_args->min >= max_bytes_matched)
break;

repeat_any_args = (RE_REPEAT_ANY_ARGS*) (ip + 1);
match = true;

const uint8_t* next_opcode = ip + 1 + sizeof(RE_REPEAT_ANY_ARGS);
Expand Down
12 changes: 12 additions & 0 deletions tests/test-rules.c
Original file line number Diff line number Diff line change
Expand Up @@ -1601,6 +1601,18 @@ static void test_hex_strings()
condition: $a }",
"123440004");

assert_true_rule(
"rule test { \
strings: $a = { 31[-][8-][-]30 } \
condition: $a }",
"1234567890");

assert_false_rule(
"rule test { \
strings: $a = { 31[-][9-][-]30 } \
condition: $a }",
"1234567890");

assert_error(
"rule test { \
strings: $a = { 01 [0] 02 } \
Expand Down

0 comments on commit bcc6312

Please sign in to comment.