From 30de7fe609c5f8a5f3768b091fea0da23746fda0 Mon Sep 17 00:00:00 2001
From: "Victor M. Alvarez" <vmalvarez@virustotal.com>
Date: Wed, 15 Nov 2023 09:33:56 +0100
Subject: [PATCH] fix: add sanity check that prevents parsing corrupted
 resources in PE files

---
 yara-x/src/modules/pe/parser.rs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/yara-x/src/modules/pe/parser.rs b/yara-x/src/modules/pe/parser.rs
index ab38cafb3..c5563a875 100644
--- a/yara-x/src/modules/pe/parser.rs
+++ b/yara-x/src/modules/pe/parser.rs
@@ -765,7 +765,8 @@ impl<'a> PE<'a> {
     fn parse_rsrc_dir(input: &[u8]) -> IResult<&[u8], usize> {
         map(
             tuple((
-                le_u32, // characteristics
+                // characteristics must be 0
+                verify(le_u32, |characteristics| *characteristics == 0),
                 le_u32, // timestamp
                 le_u16, // major_version
                 le_u16, // minor_version