fix several bugs in array type handling in dotnet module #2064
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@vthib do you have some .NET files that trigger these issues. I want to have some reference files and check that this is correctly done on YARA-X as well. |
|
Yes, I crafted some files for testing in boreal, one of which test array sizes: types2.dll lo bound values on arrays cannot be used in C# files afaik, but they can easily be tested with MSIL files. The aforementioned file was generated from this source code: types2.cil This makes it easy to compare the syntax used in the MSIL file with the type strings generated in the yara module. |
Several bugs were present in the parsing and generation of a string to
represent an array type, notably when the "lo_bound" value is set.
- The "read_blob_signed" was buggy for values outside the
[-2**6, 2**6-1], the sign edition did not use the right bitmask,
and the type used was unsigned.
- The display when lo_bound != 0 was buggy:
- size=5, lobound=0 => should be `5`, this was ok
- size=5, lobound=1 => should be `1...5`, this was buggy and displayed
`1...6`. The "range format" is inclusive.
- 0 should still be displayed if size is 0. Only when size is unset
should it be left out. So an array declared as `[5,0,3]` should be
displayed the same way, and not as `[5,,3]`.
vthib
force-pushed
the
fix-dotnet-array-type
branch
from
1685942
to
953df53
Compare
|
I fixed an unnecessary change, should be ok now |
plusvic
approved these changes
May 2, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Several bugs were present in the parsing and generation of a string to represent an array type, notably when the "lo_bound" value is set.
The "read_blob_signed" was buggy for values outside the
[-2**6, 2**6-1], the sign edition did not use the right bitmask, and the type used was unsigned.The display when lo_bound != 0 was buggy:
5, this was ok1...5, this was buggy and displayed1...6. The "range format" is inclusive.0 should still be displayed if size is 0. Only when size is unset should it be left out. So an array declared as
[5,0,3]should be displayed the same way, and not as[5,,3].