From bcc631299c9eba3af1fbf6e8a466650185e94988 Mon Sep 17 00:00:00 2001
From: "Victor M. Alvarez"
Date: Mon, 12 Jun 2023 11:24:48 +0200
Subject: [PATCH] Fix bug in `yr_re_fast_exec` causing assertion in `_yr_scan_match_callback`

When an arbitrary file is scanned with the rule below it triggers the assertion at https://github.com/VirusTotal/yara/blob/v4.3.1/libyara/scan.c#L670

```
rule test { strings: $a = { 31[-][8-][-]30 } condition: $a }
```
---
 libyara/re.c | 5 +++--
 tests/test-rules.c | 12 ++++++++++++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/libyara/re.c b/libyara/re.c
index 0f682051e2..c78ceb247b 100644
--- a/libyara/re.c
+++ b/libyara/re.c
@@ -2291,10 +2291,11 @@ int yr_re_fast_exec(
 break;
 case RE_OPCODE_REPEAT_ANY_UNGREEDY:
- if (bytes_matched >= max_bytes_matched)
+ repeat_any_args = (RE_REPEAT_ANY_ARGS*) (ip + 1);
+
+ if (bytes_matched + repeat_any_args->min >= max_bytes_matched)
 break;
- repeat_any_args = (RE_REPEAT_ANY_ARGS*) (ip + 1);
 match = true;
 const uint8_t* next_opcode = ip + 1 + sizeof(RE_REPEAT_ANY_ARGS);
diff --git a/tests/test-rules.c b/tests/test-rules.c
index b8dbca20c1..c8c4846b1e 100644
--- a/tests/test-rules.c
+++ b/tests/test-rules.c
@@ -1601,6 +1601,18 @@ static void test_hex_strings()
 condition: $a }",
 "123440004");
+ assert_true_rule(
+ "rule test { \
+ strings: $a = { 31[-][8-][-]30 } \
+ condition: $a }",
+ "1234567890");
+
+ assert_false_rule(
+ "rule test { \
+ strings: $a = { 31[-][9-][-]30 } \
+ condition: $a }",
+ "1234567890");
+
 assert_error(
 "rule test { \
 strings: $a = { 01 [0] 02 } \
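Review bot: The new guard under `case RE_OPCODE_REPEAT_ANY_UNGREEDY` in libyara/re.c has no comment explaining why `repeat_any_args->min` is added to `bytes_matched`, even though it is the bounds check that keeps a jump from running past `max_bytes_matched` on arbitrary scanned input. I would put `// A jump consumes at least min bytes; stop if that cannot fit in the remaining input.` directly above the `if`. The failure was only caught by an `assert` in `_yr_scan_match_callback`, which builds defining `NDEBUG` compile out, so this check is presumably the only protection in release builds and the comment should mention that. The declarations of `bytes_matched` and `max_bytes_matched` are outside the hunk, so it is worth confirming that the sum and the comparison do not mix signed and unsigned operands. The case body also continues past the end of the hunk.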