From 9b4372f8753fd3ba8b65bbbfde506df24d84afd0 Mon Sep 17 00:00:00 2001
From: Wesley Shields
Date: Thu, 16 Jun 2022 11:41:18 -0400
Subject: [PATCH] Fix negative indexing in dex module. (#1730)
* Fix negative indexing in dex module. When attempting to call dex_get_integer() or dex_get_string() with a negative index we would eventually land in the assert() at https://github.com/VirusTotal/yara/blob/master/libyara/object.c#L497 failing. Instead of doing that let's check for negative values before going any further, which will at least allow the module to continue processing.
* YR_UNDEFINED is < 0 already. Simplify the logic when checking for negative index.
* Revert "YR_UNDEFINED is < 0 already. Simplify the logic when checking for negative index." This reverts commit 38af38fb8db54dc5fa8be1f28d5fc7648388822c.
---
 libyara/modules/dex/dex.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libyara/modules/dex/dex.c b/libyara/modules/dex/dex.c
index daa38363a3..1fbec8278e 100644
--- a/libyara/modules/dex/dex.c
+++ b/libyara/modules/dex/dex.c
@@ -418,7 +418,7 @@ static int64_t dex_get_integer(
 const char* pattern,
 int64_t index)
 {
- if (index == YR_UNDEFINED)
+ if (index == YR_UNDEFINED || index < 0)
 return YR_UNDEFINED;

 // Impose a reasonably large limit to table indexes.
@@ -434,7 +434,7 @@ static SIZED_STRING* dex_get_string(
 const char* pattern,
 int64_t index)
 {
- if (index == YR_UNDEFINED)
+ if (index == YR_UNDEFINED || index < 0)
 return NULL;

 // Impose a reasonably large limit to table indexes.
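Review bot: The added `index < 0` test in dex_get_integer() (and the identical one in dex_get_string()) carries no comment explaining why it sits beside the `YR_UNDEFINED` comparison, and the commit message shows the pair was already collapsed once and then restored. A one-line comment above each guard, for example `// Negative indexes would trip the assert() in the object lookup; treat them as undefined.`, would keep a later cleanup from dropping the check. The diffstat lists only dex.c, so no regression test pins the new behaviour; a test that passes a negative index through the module and expects an undefined result would cover both functions. The failure is described as an assert(), so builds compiled with NDEBUG presumably carried the negative index further instead of aborting, which is worth confirming and recording in the release notes. Both function bodies continue past the end of their hunks.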