The compiler hits some asserts when compiling this rule:
rule r{condition:for 5f in(""):(f
It looks like the value of the expression here is undefined, so when trying to use the buffer_id and offset fields of the sized_string_ref we end up using the upper and lower halves of YR_UNDEFINED as if they are real values.
I'm not sure I like checking for YR_UNDEFINED using the integer field of the union, so I'm open to better ideas here.
The compiler hits some asserts when compiling this rule:
It looks like the value of the expression here is undefined, so when trying to use the buffer_id and offset fields of the sized_string_ref we end up using the upper and lower halves of YR_UNDEFINED as if they are real values.
I'm not sure I like checking for YR_UNDEFINED using the integer field of the union, so I'm open to better ideas here.
Found by: Google clusterfuzz