Dex fixes

libyara/modules/dex/dex.c

@@ -619,7 +619,7 @@ uint32_t load_encoded_field(
   {
 #ifdef DEBUG_DEX_MODULE
     printf(
-        "[DEX]\tFIELD_NAME %s NAME_IDX 0x%x\n", field_name->c_string, name_idx);
+        "[DEX]\tFIELD_NAME %s NAME_IDX 0x%llx\n", field_name->c_string, name_idx);
 #endif
 
     set_sized_string(
@@ -643,7 +643,7 @@ uint32_t load_encoded_field(
   {
 #ifdef DEBUG_DEX_MODULE
     printf(
-        "[DEX]\tCLASS_NAME %s CLASS_IDX 0x%x DESCRIPTOR_IDX 0x%x\n",
+        "[DEX]\tCLASS_NAME %s CLASS_IDX 0x%llx DESCRIPTOR_IDX 0x%llx\n",
         class_name->c_string,
         class_idx,
         descriptor_idx);
@@ -748,7 +748,7 @@ uint32_t load_encoded_method(
     return 0;
 
 #ifdef DEBUG_DEX_MODULE
-  printf("[DEX]\tNAME_IDX 0x%x\n", name_idx);
+  printf("[DEX]\tNAME_IDX 0x%llx\n", name_idx);
 #endif
 
 #ifdef DEBUG_DEX_MODULE
@@ -768,7 +768,7 @@ uint32_t load_encoded_method(
   {
 #ifdef DEBUG_DEX_MODULE
     printf(
-        "[DEX]\tMETHOD_NAME %s NAME_IDX 0x%x\n",
+        "[DEX]\tMETHOD_NAME %s NAME_IDX 0x%llx\n",
         method_name->c_string,
         name_idx);
 #endif
@@ -794,7 +794,7 @@ uint32_t load_encoded_method(
   {
 #ifdef DEBUG_DEX_MODULE
     printf(
-        "[DEX]\tCLASS_NAME %s CLASS_IDX 0x%x DESCRIPTOR_IDX:0x%x\n",
+        "[DEX]\tCLASS_NAME %s CLASS_IDX 0x%llx DESCRIPTOR_IDX:0x%llx\n",
         class_name->c_string,
         class_idx,
         descriptor_idx);
@@ -821,7 +821,7 @@ uint32_t load_encoded_method(
   {
 #ifdef DEBUG_DEX_MODULE
     printf(
-        "[DEX]\tPROTO_NAME %s CLASS_IDX 0x%x DESCRIPTOR_IDX:0x%x\n",
+        "[DEX]\tPROTO_NAME %s CLASS_IDX 0x%llx DESCRIPTOR_IDX:0x%llx\n",
         proto_name->c_string,
         class_idx,
         descriptor_idx);
@@ -842,7 +842,7 @@ uint32_t load_encoded_method(
 #endif
 
     if (struct_fits_in_dex(
-            dex, dex->data + encoded_method.code_off, sizeof(code_item_t)))
+            dex, dex->data + encoded_method.code_off, code_item_t))
     {
       code_item_t* code_item =
           (code_item_t*) (dex->data + encoded_method.code_off);
@@ -954,7 +954,7 @@ void dex_parse(DEX* dex, uint64_t base_address)
 
     if (!fits_in_dex(
             dex,
-            dex->data + yr_le32toh(string_id_item->string_data_offset),
+            dex->data + yr_le32toh(string_id_item->string_data_offset) + 1,
             value))
       continue;
 
@@ -967,8 +967,8 @@ void dex_parse(DEX* dex, uint64_t base_address)
     set_integer(value, dex->object, "string_ids[%i].size", i);
 
     set_sized_string(
-        (const char*) ((
-            dex->data + yr_le32toh(string_id_item->string_data_offset) + 1)),
+        (const char*) (
+            dex->data + yr_le32toh(string_id_item->string_data_offset) + 1),
         value,
         dex->object,
         "string_ids[%i].value",
@@ -1124,6 +1124,9 @@ void dex_parse(DEX* dex, uint64_t base_address)
       map_item_t* map_item =
           (map_item_t*) (dex->data + yr_le32toh(dex_header->map_offset) + sizeof(uint32_t) + i * sizeof(map_item_t));
 
+      if (!struct_fits_in_dex(dex, map_item, map_item_t))
+        return;
+
       set_integer(
           yr_le16toh(map_item->type),
           dex->object,