Fix null pointer dereference introduced in 8616165.

See: https://oss-fuzz.com/testcase?key=5726747190951936
VirusTotal · Jun 21, 2024 · 6fe197e · 6fe197e
1 parent 8616165
commit 6fe197e
Showing 1 changed file with 14 additions and 21 deletions.
diff --git a/libyara/parser.c b/libyara/parser.c
@@ -476,6 +476,11 @@ static int _yr_parser_write_string(
   FAIL_ON_ERROR(_yr_compiler_store_string(compiler, identifier, &ref));
 
   string->identifier = (const char*) yr_arena_ref_to_ptr(compiler->arena, &ref);
+  string->rule_idx = compiler->current_rule_idx;
+  string->idx = compiler->current_string_idx;
+  string->fixed_offset = YR_UNDEFINED;
+
+  compiler->current_string_idx++;
 
   if (modifier.flags & STRING_FLAGS_HEXADECIMAL ||
       modifier.flags & STRING_FLAGS_REGEXP ||
@@ -508,6 +513,14 @@ static int _yr_parser_write_string(
     string->length = (uint32_t) literal_string->length;
     string->string = (uint8_t*) yr_arena_ref_to_ptr(compiler->arena, &ref);
 
+    if (modifier.flags & STRING_FLAGS_WIDE)
+      max_string_len = string->length * 2;
+    else
+      max_string_len = string->length;
+
+    if (max_string_len <= YR_MAX_ATOM_LENGTH)
+      modifier.flags |= STRING_FLAGS_FITS_IN_ATOM;
+
     result = yr_atoms_extract_from_string(
         &compiler->atoms_config,
         (uint8_t*) literal_string->c_string,
@@ -579,32 +592,14 @@ static int _yr_parser_write_string(
   }
 
   string->flags = modifier.flags;
-  string->rule_idx = compiler->current_rule_idx;
-  string->idx = compiler->current_string_idx;
-  string->fixed_offset = YR_UNDEFINED;
 
   // Add the string to Aho-Corasick automaton.
   result = yr_ac_add_string(
-      compiler->automaton,
-      string,
-      compiler->current_string_idx,
-      atom_list,
-      compiler->arena);
+      compiler->automaton, string, string->idx, atom_list, compiler->arena);
 
   if (result != ERROR_SUCCESS)
     goto cleanup;
 
-  if (modifier.flags & STRING_FLAGS_LITERAL)
-  {
-    if (modifier.flags & STRING_FLAGS_WIDE)
-      max_string_len = string->length * 2;
-    else
-      max_string_len = string->length;
-
-    if (max_string_len <= YR_MAX_ATOM_LENGTH)
-      string->flags |= STRING_FLAGS_FITS_IN_ATOM;
-  }
-
   atom = atom_list;
   c = 0;
 
@@ -616,8 +611,6 @@ static int _yr_parser_write_string(
 
   (*num_atom) += c;
 
-  compiler->current_string_idx++;
-
 cleanup:
   if (free_literal)
     yr_free(literal_string);