From 6fe197e1bca069d1e79c68fecc46619e788829e6 Mon Sep 17 00:00:00 2001
From: "Victor M. Alvarez"
Date: Fri, 21 Jun 2024 16:25:46 +0200
Subject: [PATCH] Fix null pointer dereference introduced in 8616165.

See: https://oss-fuzz.com/testcase?key=5726747190951936
---
 libyara/parser.c | 35 ++++++++++++++---------------------
 1 file changed, 14 insertions(+), 21 deletions(-)

diff --git a/libyara/parser.c b/libyara/parser.c
index dbc47deea3..58f8caa5fe 100644
--- a/libyara/parser.c
+++ b/libyara/parser.c
@@ -476,6 +476,11 @@ static int _yr_parser_write_string(
   FAIL_ON_ERROR(_yr_compiler_store_string(compiler, identifier, &ref));
   string->identifier = (const char*) yr_arena_ref_to_ptr(compiler->arena, &ref);
+  string->rule_idx = compiler->current_rule_idx;
+  string->idx = compiler->current_string_idx;
+  string->fixed_offset = YR_UNDEFINED;
+
+  compiler->current_string_idx++;
   if (modifier.flags & STRING_FLAGS_HEXADECIMAL ||
       modifier.flags & STRING_FLAGS_REGEXP ||
@@ -508,6 +513,14 @@ static int _yr_parser_write_string(
   string->length = (uint32_t) literal_string->length;
   string->string = (uint8_t*) yr_arena_ref_to_ptr(compiler->arena, &ref);
+  if (modifier.flags & STRING_FLAGS_WIDE)
+    max_string_len = string->length * 2;
+  else
+    max_string_len = string->length;
+
+  if (max_string_len <= YR_MAX_ATOM_LENGTH)
+    modifier.flags |= STRING_FLAGS_FITS_IN_ATOM;
+
   result = yr_atoms_extract_from_string(
       &compiler->atoms_config,
       (uint8_t*) literal_string->c_string,
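Review bot: `compiler->current_string_idx++` now executes right after `string->idx` is assigned, ahead of every later `goto cleanup` failure path in `_yr_parser_write_string` (the old end-of-function increment is removed in the -616 hunk), so the counter advances even for a string whose processing then fails. Presumably compilation stops at the first error so the drift is harmless, but the invariant the counter now tracks — strings allocated rather than strings successfully added to the automaton — is stated nowhere, and a comment would keep the increment from being moved back: `// Assign the string's indexes and advance the counter before any early exit below; yr_ac_add_string later reads string->idx.` _yr_parser_write_string's body begins before this hunk and continues past the last one.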
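Review bot: STRING_FLAGS_FITS_IN_ATOM is now ORed into the local `modifier.flags` before `yr_atoms_extract_from_string` runs, whereas the block removed in the -579 hunk set it on `string->flags` after atom extraction; if the arguments of that call that fall outside the hunk include `modifier`, the atom extractor now sees a flag it never saw before, which is worth confirming is harmless. The old check was also guarded by `modifier.flags & STRING_FLAGS_LITERAL`; the new placement after `string->length = (uint32_t) literal_string->length` suggests the literal-only branch, but that branch's opening condition is outside the hunk. A one-line comment would make the intent explicit: `// A literal string whose byte length (doubled for wide) is at most YR_MAX_ATOM_LENGTH is flagged as fitting in a single atom.`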
@@ -579,32 +592,14 @@ static int _yr_parser_write_string(
   }
   string->flags = modifier.flags;
-  string->rule_idx = compiler->current_rule_idx;
-  string->idx = compiler->current_string_idx;
-  string->fixed_offset = YR_UNDEFINED;
   // Add the string to Aho-Corasick automaton.
   result = yr_ac_add_string(
-      compiler->automaton,
-      string,
-      compiler->current_string_idx,
-      atom_list,
-      compiler->arena);
+      compiler->automaton, string, string->idx, atom_list, compiler->arena);
   if (result != ERROR_SUCCESS)
     goto cleanup;
-  if (modifier.flags & STRING_FLAGS_LITERAL)
-  {
-    if (modifier.flags & STRING_FLAGS_WIDE)
-      max_string_len = string->length * 2;
-    else
-      max_string_len = string->length;
-
-    if (max_string_len <= YR_MAX_ATOM_LENGTH)
-      string->flags |= STRING_FLAGS_FITS_IN_ATOM;
-  }
-
   atom = atom_list;
   c = 0;
@@ -616,8 +611,6 @@ static int _yr_parser_write_string(
   (*num_atom) += c;
-  compiler->current_string_idx++;
-
 cleanup:
   if (free_literal)
     yr_free(literal_string);
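Review bot: `yr_ac_add_string` now receives `string->idx` instead of `compiler->current_string_idx`, and the two are no longer interchangeable at this point because the counter was already incremented in the -476 hunk, yet nothing at the call site says so. The existing comment could be extended: `// Add the string to Aho-Corasick automaton, keyed by string->idx (compiler->current_string_idx has already been advanced).` Note also that `string->flags = modifier.flags` is now the only place STRING_FLAGS_FITS_IN_ATOM reaches the string, so it depends on the flag having been ORed into `modifier.flags` earlier in the literal path; that dependency is far from this line and worth a word here. The function starts before and continues after this hunk.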