search

VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License
8.18k stars 1.43k forks source link

Yara 3.4.0 / Win32 printf bug, incorrect module data for 64 bit integers #340

Closed craiu closed 9 years ago

craiu commented 9 years ago

Hi!

Version: Yara 3.4.0, x64 When used with the -D switch, the debug information indicates wrong printf number formatting. Example:

pe
        number_of_signatures = UNDEFINED
        signatures
        number_of_resources = %I64d
        resources
                [0]
                        offset = %I64d
                        length = %I64d
                        type = UNDEFINED
                        id = UNDEFINED
                        language = %I64d

Note the "%I64d" instead of the expected number.

The issue comes from:

https://github.com/plusvic/yara/blob/master/libyara/object.c#L1093

Line in question:

      if (((YR_OBJECT_INTEGER*) object)->value != UNDEFINED)
        printf(" = %" PRIu64, ((YR_OBJECT_INTEGER*) object)->value);

PRIu64 is defined as:

#if _WIN32
#define PRIu64 "%I64d"
#else

As a result, we end up with formatting string of %%I64d which doesn't work.

plusvic commented 9 years ago

Fixed in commit c7efac75c0bf560d237872afa98f657bcbc76bfb