Memory-mapped files from tmpfs (major number = 0) are no longer ignored.

Closes #1663.

Closes #1672.

iterator->last_error is now initialized to ERROR_SUCCESS in yr_process_open_iterator. Additionally if yr_process_get_first_memory_block returns, NULL, iterator->last_error is set to ERROR_COULD_NOT_READ_PROCESS_MEMORY.

Also allow a 64 bits integer as the argument to --skip-larger both in Linux and Windows.

… to NULL.

As @1ndahous3 highlighted in #1674, not setting the pointer to NULL leads to a dangling pointer.

The previous version enters an infinite loop when calling d2i_PKCS7 with PE file 11203b5a4f18f40a86d74738c31a59c4ec1e838c177a415c46a372da49d4a51a.

Regular expressions with a character class followed by a dash (-) failed with "bad character range". For example,  /[0-9]-2/ was not accepted as a valid regexp.

In ARM the pointer returned by yr_notebook_alloc was being rounded up to a 4-bytes boundary, but the size of the buffer was not increased accordingly. This means the caller of yr_notebook_alloc could receive a buffer that is 1 to 3 bytes smaller than the requested sized.

Fix memory leaks described in #1703.

* test: Relax pe32 condition in magic tests

Turns out different versions of libmagic return different file
identification for the PE32 sample in magic tests. Relax this condition
to the common part of the identification to make tests less reliant on
the testing platform.

* test: Relax macho condition in magic tests

* Fix issue #1708

* Add test case for #1708

Build a dotnet pe that triggers this issue:
https://github.com/dangodangodango/BadDotnetPe

* Fix null derefrences while loading compiled rules

* Fix nulldereference in yr_object_create

* Fix assert to explicitly catch null identifier in yr_object_create

* Fix compiler warnings with dex debug mode.

* Fix crashes in dex module.

This commit fixes a few crashes in the dex module. There are actually three of
them:

The first is incorrect usage of "struct_fits_in_dex" caused by passing
"sizeof(code_item_t)" instead of just "code_item_t" as the third argument. In
the test case the pointer for code_item started in the bounds of the dex but
only the first 8 bytes were within bounds, and since
"sizeof(sizeof(code_item_t))" is less than 8 the check was passing. The fix here
is to pass just the struct type as the third argument.

The second crash was an off-by-one error when parsing a string. The check
ensured the string fits in the dex but was not including an extra byte which was
copied in the call to set_sized_string. Just like before, this was a case of a
string falling right on the end of a dex file.

The third crash was due to a missing "struct_fits_in_dex" check. We ended up
with a pointer to a map_item_t which was off the ends of the dex bounds.

With this commit all the test cases provided in the report are now passing. I
did a quick sweep of the module to make sure there were no other cases where we
were incorrectly using "struct_fits_in_dex" and didn't find any.

These were all documented at a private report via huntr.dev
(https://huntr.dev/bounties/007a7784-c211-4847-9cc3-aec38e7d5157/)

Found by @sudhackar.

Fixes #1726.

* Fix negative indexing in dex module.

When attempting to call dex_get_integer() or dex_get_string() with a negative
index we would eventually land in the assert() at
https://github.com/VirusTotal/yara/blob/master/libyara/object.c#L497 failing.
Instead of doing that let's check for negative values before going any further,
which will at least allow the module to continue processing.

* YR_UNDEFINED is < 0 already. Simplify the logic when checking for negative index.

* Revert "YR_UNDEFINED is < 0 already. Simplify the logic when checking for negative index."

This reverts commit 38af38f.

…ack.