Fix bug in yr_rules_from_arena causing allocation of bitmask of wrong size #1934
There is a bug introduced in 1c309a8: the size of the bitmask to allocate is calculated with the undefined `new_rules->num_rules` value instead of the passed `summary->num_rules`, so `YR_BITMASK_SIZE()` is evaluated as a random value, sometimes less than needed.

In my case `new_rules->num_rules == 0`, so `YR_BITMASK_SIZE(new_rules->num_rules) == 1` and I get 4 (`1 * sizeof(YR_BITMASK)`) bytes allocated for the bitmask. After that I get heap corruption because the first bit of the non-allocated 5th byte is written for rule 128 (`i == 128`) here:

yara/libyara/rules.c, lines 378 to 384 in 1c309a8
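The ordering bug described in the report, reproduced as an added example (this is not YARA's code; the `BITMASK`, `BITMASK_SLOTS`, `SUMMARY` and `RULES` names are simplified stand-ins, and the slot formula `n / SLOT_BITS + 1` is an assumption chosen only so that it agrees with the page's observation that `YR_BITMASK_SIZE(0) == 1`). The buggy variant sizes the bitmask from the not-yet-assigned field, modeled here as the zero value the reporter saw; the fixed variant sizes it from the passed summary. A bounds-checked setter replaces the out-of-range write with a counted failure so the discrepancy is observable without corrupting the heap:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-ins for YR_BITMASK and YR_BITMASK_SIZE (assumption). */
typedef uint32_t BITMASK;
#define SLOT_BITS (sizeof(BITMASK) * 8)
#define BITMASK_SLOTS(n) ((size_t)(n) / SLOT_BITS + 1) /* SLOTS(0) == 1, as on the page */

typedef struct {
  uint32_t num_rules;
} SUMMARY;

typedef struct {
  uint32_t num_rules;
  BITMASK *bitmask;
  size_t slots; /* how many BITMASK slots were actually allocated */
} RULES;

/* Bounds-checked bit set: refuses to write past the allocated slots. */
static bool bitmask_set(BITMASK *bm, size_t slots, size_t i) {
  if (i / SLOT_BITS >= slots)
    return false; /* this is where the real code corrupts the heap */
  bm[i / SLOT_BITS] |= (BITMASK)1u << (i % SLOT_BITS);
  return true;
}

/* Buggy order: size taken from new_rules->num_rules before it is assigned.
 * calloc stands in for the "undefined" field holding 0, as in the report. */
static RULES *rules_from_arena_buggy(const SUMMARY *summary) {
  RULES *r = calloc(1, sizeof *r);
  r->slots = BITMASK_SLOTS(r->num_rules); /* r->num_rules is still 0 here */
  r->bitmask = calloc(r->slots, sizeof(BITMASK));
  r->num_rules = summary->num_rules; /* assigned too late to matter */
  return r;
}

/* Fixed order: size taken from the passed summary. */
static RULES *rules_from_arena_fixed(const SUMMARY *summary) {
  RULES *r = calloc(1, sizeof *r);
  r->num_rules = summary->num_rules;
  r->slots = BITMASK_SLOTS(summary->num_rules);
  r->bitmask = calloc(r->slots, sizeof(BITMASK));
  return r;
}

/* Marks every rule, as the loop in rules.c does; returns how many writes
 * would have landed outside the allocation. */
static size_t mark_all_rules(RULES *r) {
  size_t out_of_bounds = 0;
  for (uint32_t i = 0; i < r->num_rules; i++)
    if (!bitmask_set(r->bitmask, r->slots, i))
      out_of_bounds++;
  return out_of_bounds;
}

static size_t bitmask_bytes(const RULES *r) { return r->slots * sizeof(BITMASK); }

static void rules_free(RULES *r) {
  free(r->bitmask);
  free(r);
}
```

With a summary of 129 rules the buggy path allocates a single slot (4 bytes), so every rule index from 32 upward is rejected by the checked setter; the fixed path allocates five slots and all 129 bits fit. The check in `bitmask_set` is the kind of guard that turns silent heap corruption into a detectable failure during testing, which is how this class of ordering bug is usually caught.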