[Forensics-changes] [yara] 304/415: Fix integer wrap-around bug causing segmentation fault

[Hilko Bengen]

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit c06c01997b5700c15b3307e87bd397708f130651
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Tue Dec 10 12:59:08 2013 +0100

    Fix integer wrap-around bug causing segmentation fault
---
 libyara/rules.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/libyara/rules.c b/libyara/rules.c
index 7141c93..b0d6fdc 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -805,7 +805,6 @@ int yr_rules_scan_mem_block(
   YR_AC_STATE* current_state;
 
   time_t current_time;
-  size_t offset;
   size_t i;
 
   current_state = rules->automaton->root;
@@ -819,13 +818,11 @@ int yr_rules_scan_mem_block(
     {
       if (ac_match->backtrack <= i)
       {
-        offset = i - ac_match->backtrack;
-
         _yr_scan_verify_match(
               ac_match,
               data,
               data_size,
-              offset,
+              i - ac_match->backtrack,
               matches_arena,
               fast_scan_mode);
       }
@@ -859,13 +856,16 @@ int yr_rules_scan_mem_block(
 
   while (ac_match != NULL)
   {
-    _yr_scan_verify_match(
-        ac_match,
-        data,
-        data_size,
-        data_size - ac_match->backtrack,
-        matches_arena,
-        fast_scan_mode);
+    if (ac_match->backtrack <= data_size)
+    {
+      _yr_scan_verify_match(
+          ac_match,
+          data,
+          data_size,
+          data_size - ac_match->backtrack,
+          matches_arena,
+          fast_scan_mode);
+    }
 
     ac_match = ac_match->next;
   }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git