VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License

Assert thrown for PE module in debug #2061

Closed Demonslay335 closed 7 months ago

Demonslay335 commented 7 months ago

Describe the bug

When running a debug build using the MSVC library, if the PE module is invoked by a rule, an assertion may be thrown while parsing the section names. This is caused by an out-of-range character being passed to the MSVC implementation of isprint(), which contains an assertion that the int should be essentially an unsigned char.

An assertion similar to the below will be triggered.

Debug Assertion Failed!
File: minkernel\crts\ucrt\appcrt\convert\isctype.cpp
Line: 36

Expression: c >= -1 && c <= 255

Sample malware that triggers the issue: 3f66866cb808ce5d827a765e29f0bd1bc24c1cec70b66ee92f4d393aa619f0e6

To Reproduce

Statically link the MSVC C libraries. Run your program in debug mode against a sample with a rule that uses the PE module.

Expected behavior

No assertion/crash in debug mode.


Additional context

This is technically more of a bug with MSVC, but it should be accounted for to prevent crashing debug builds using it.

Related: https://github.com/VirusTotal/yara/issues/1956
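The failure mode reported in this issue, as an added example that is not code from YARA or from the issue author: a section-name byte of 0x80 or above, sign-extended through a signed char, reaches isprint() as a negative int outside the range the quoted assertion checks, while converting it to unsigned char first keeps it in range. The function names and the sample section name are constructed for illustration; `signed char` is used explicitly because the signedness of plain `char` depends on the platform.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define SECTION_NAME_LEN 8 /* PE section names are 8 bytes, not always NUL-terminated */

/* Constructed sample name: contains 0xE9 (>= 0x80) and a control byte. */
static const char SAMPLE_NAME[SECTION_NAME_LEN] = {'.', 't', '\xE9', 'x', 't', '\x01', 0, 0};

/* The range the debug assertion quoted in the issue enforces on isprint()'s argument. */
static int ctype_arg_in_range(int c) { return c >= -1 && c <= 255; }

/* Argument isprint() sees when the byte is held in a signed char (sign-extended). */
static int as_signed_arg(unsigned char byte) { return (int) (signed char) byte; }

/* Argument isprint() sees after converting the byte to unsigned char first. */
static int as_unsigned_arg(unsigned char byte) { return (int) byte; }

/* Copies the name into out, writing '.' for non-printable bytes; returns how many were replaced. */
static size_t sanitize_section_name(const char* raw, char out[SECTION_NAME_LEN + 1])
{
  size_t i, replaced = 0;

  for (i = 0; i < SECTION_NAME_LEN && raw[i] != '\0'; i++)
  {
    unsigned char c = (unsigned char) raw[i]; /* always 0..255, valid for <ctype.h> */

    if (isprint(c))
      out[i] = raw[i];
    else
    {
      out[i] = '.';
      replaced++;
    }
  }
  out[i] = '\0';
  return replaced;
}

int main(void)
{
  char out[SECTION_NAME_LEN + 1];
  size_t n = sanitize_section_name(SAMPLE_NAME, out);

  printf("signed arg in range: %d, unsigned arg in range: %d\n",
         ctype_arg_in_range(as_signed_arg(0xE9)), ctype_arg_in_range(as_unsigned_arg(0xE9)));
  printf("sanitized name: %s (%zu bytes replaced)\n", out, n);
  return 0;
}
```

Passing a value outside the unsigned char range (other than EOF) to a `<ctype.h>` function is undefined behaviour in standard C, so the cast matters in release builds as well as under the debug assertion.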