
Commit 6fe197e

Fix null pointer dereference introduced in 8616165.
See: https://oss-fuzz.com/testcase?key=5726747190951936
1 parent 8616165 commit 6fe197e

1 file changed

+14
-21
lines changed

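--- a/libyara/parser.c
+++ b/libyara/parser.c
@@ -476,6 +476,11 @@ static int _yr_parser_write_string(
 FAIL_ON_ERROR(_yr_compiler_store_string(compiler, identifier, &ref));
 
 string->identifier = (const char*) yr_arena_ref_to_ptr(compiler->arena, &ref);
+string->rule_idx = compiler->current_rule_idx;
+string->idx = compiler->current_string_idx;
+string->fixed_offset = YR_UNDEFINED;
+
+compiler->current_string_idx++;
 
 if (modifier.flags & STRING_FLAGS_HEXADECIMAL ||
 modifier.flags & STRING_FLAGS_REGEXP ||
@@ -508,6 +513,14 @@ static int _yr_parser_write_string(
 string->length = (uint32_t) literal_string->length;
 string->string = (uint8_t*) yr_arena_ref_to_ptr(compiler->arena, &ref);
 
+if (modifier.flags & STRING_FLAGS_WIDE)
+max_string_len = string->length * 2;
+else
+max_string_len = string->length;
+
+if (max_string_len <= YR_MAX_ATOM_LENGTH)
+modifier.flags |= STRING_FLAGS_FITS_IN_ATOM;
+
 result = yr_atoms_extract_from_string(
 &compiler->atoms_config,
 (uint8_t*) literal_string->c_string,
@@ -579,32 +592,14 @@ static int _yr_parser_write_string(
 }
 
 string->flags = modifier.flags;
-string->rule_idx = compiler->current_rule_idx;
-string->idx = compiler->current_string_idx;
-string->fixed_offset = YR_UNDEFINED;
 
 // Add the string to Aho-Corasick automaton.
 result = yr_ac_add_string(
-compiler->automaton,
-string,
-compiler->current_string_idx,
-atom_list,
-compiler->arena);
+compiler->automaton, string, string->idx, atom_list, compiler->arena);
 
 if (result != ERROR_SUCCESS)
 goto cleanup;
 
-if (modifier.flags & STRING_FLAGS_LITERAL)
-{
-if (modifier.flags & STRING_FLAGS_WIDE)
-max_string_len = string->length * 2;
-else
-max_string_len = string->length;
-
-if (max_string_len <= YR_MAX_ATOM_LENGTH)
-string->flags |= STRING_FLAGS_FITS_IN_ATOM;
-}
-
 atom = atom_list;
 c = 0;
 
@@ -616,8 +611,6 @@ static int _yr_parser_write_string(
 
 (*num_atom) += c;
 
-compiler->current_string_idx++;
-
 cleanup:
 if (free_literal)
 yr_free(literal_string);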
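Review bot: The early assignment of `string->idx`/`string->rule_idx` and the `compiler->current_string_idx++` at new lines 479-484 are load-bearing ordering, not tidying: the string has already been placed in the arena by `_yr_compiler_store_string`, so every later `goto cleanup` (atom extraction, `yr_ac_add_string`) now leaves behind a string whose index fields are initialized and whose slot is consumed, which is presumably what the fuzzer-found null dereference depended on. A future cleanup could move these back next to `string->flags = modifier.flags` and silently reintroduce the bug, so I would pin the intent with a comment above line 479: `// Initialize the index fields and claim the index now, before any failure path: the string is already in the arena and must stay consistent even if atom extraction or automaton insertion fails below.` Separately, at new line 517 `string->length * 2` is computed in `uint32_t` and assigned to `max_string_len` (declared outside the hunk, type not visible here); if a literal could ever reach 2^31 bytes the product wraps and the string is wrongly marked `STRING_FLAGS_FITS_IN_ATOM`, which `string->length <= YR_MAX_ATOM_LENGTH / 2` would avoid without the multiplication. `_yr_parser_write_string` begins before the first hunk and its declarations are outside the visible diff.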
