From e23ac0d77bc13679d0ec9375a05cc82fded3eb94 Mon Sep 17 00:00:00 2001
From: Sudhakar Verma <10460978+sudhackar@users.noreply.github.com>
Date: Tue, 14 Jun 2022 17:16:12 +0530
Subject: [PATCH] Fix null derefrences while loading compiled rules (#1727)

* Fix null derefrences while loading compiled rules

* Fix nulldereference in yr_object_create

* Fix assert to explicitly catch null identifier in yr_object_create
---
 libyara/arena.c  | 3 ++-
 libyara/object.c | 1 +
 libyara/rules.c  | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/libyara/arena.c b/libyara/arena.c
index 00c1e9ad11..cf56baa983 100644
--- a/libyara/arena.c
+++ b/libyara/arena.c
@@ -597,7 +597,8 @@ int yr_arena_load_stream(YR_STREAM* stream, YR_ARENA** arena)
     YR_ARENA_BUFFER* b = &new_arena->buffers[reloc_ref.buffer_id];
 
     if (reloc_ref.buffer_id >= new_arena->num_buffers ||
-        reloc_ref.offset > b->used - sizeof(void*))
+        reloc_ref.offset > b->used - sizeof(void*) ||
+        b->data == NULL)
     {
       yr_arena_release(new_arena);
       return ERROR_CORRUPT_FILE;
diff --git a/libyara/object.c b/libyara/object.c
index b0a656a7c1..359feabb60 100644
--- a/libyara/object.c
+++ b/libyara/object.c
@@ -57,6 +57,7 @@ int yr_object_create(
   size_t object_size = 0;
 
   assert(parent != NULL || object != NULL);
+  assert(identifier != NULL);
 
   switch (type)
   {
diff --git a/libyara/rules.c b/libyara/rules.c
index df7f15077c..9cd1a2ebae 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -333,6 +333,9 @@ int yr_rules_from_arena(YR_ARENA* arena, YR_RULES** rules)
   YR_SUMMARY* summary = (YR_SUMMARY*) yr_arena_get_ptr(
       arena, YR_SUMMARY_SECTION, 0);
 
+  if (summary == NULL)
+    return ERROR_CORRUPT_FILE;
+
   // Now YR_RULES relies on this arena, let's increment the arena's
   // reference count so that if the original owner of the arena calls
   // yr_arena_destroy the arena is not destroyed.
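Review bot: The bounds test just above the new `b->data == NULL` check, `reloc_ref.offset > b->used - sizeof(void*)`, still underflows when `b->used < sizeof(void*)`: if `used` is an unsigned size type (it reads like one, but the hunk does not show its declaration) the subtraction wraps and every offset passes, so a relocation into an undersized buffer is not rejected even though the bad-buffer_id and NULL-data cases now are. Guarding the subtraction closes that gap: `b->used < sizeof(void*) || reloc_ref.offset > b->used - sizeof(void*)`. Separately, `b` is formed from `reloc_ref.buffer_id` before that index is validated; short-circuit evaluation keeps the `b->used` and `b->data` reads behind the check, but computing the out-of-range element address is itself undefined, so assigning `b` after the index check would be cleaner. yr_arena_load_stream begins and continues outside this hunk.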
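Review bot: The new `assert(identifier != NULL)` only exists in debug builds; with NDEBUG defined it compiles to nothing, so a release libyara loading a compiled-rules file with a missing identifier still reaches whatever dereference the assert was meant to catch. Since the commit subject ties this to loading compiled rules, which is external data, the null identifier should be rejected with an error return (libyara's ERROR_INVALID_ARGUMENT if it is defined, otherwise the ERROR_CORRUPT_FILE the other hunks use) at the point where the compiled file is parsed, with the assert kept only as a documented precondition for internal callers. The existing `assert(parent != NULL || object != NULL)` on the line above carries the same release-build caveat. yr_object_create's body continues outside the hunk.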
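Review bot: The early `return ERROR_CORRUPT_FILE` added after the `yr_arena_get_ptr` call happens before the arena's reference count is touched, which is right, but if yr_rules_from_arena has already allocated the YR_RULES object it will hand back through `rules` (that allocation would sit above this hunk and is not visible here), it leaks on this path. If so, release it first, e.g. `if (summary == NULL) { yr_free(new_rules); return ERROR_CORRUPT_FILE; }` with whatever local actually holds the allocation. The other sections fetched after the summary (outside the hunk) deserve the same NULL check if `yr_arena_get_ptr` can return NULL for a section missing from a corrupt file. The function starts and continues outside this hunk.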