From 0fdfc7734cfffb542a9b63da73a942d9adbb5540 Mon Sep 17 00:00:00 2001
From: Willi Ballenthin
Date: Wed, 22 Apr 2026 18:53:41 +0300
Subject: [PATCH] fix: correct wrong dict key in VMRay _compute_monitor_threads assertion

In `_compute_monitor_threads`, the uniqueness assertion indexed `monitor_threads_by_monitor_process` by `thread_id` instead of `process_id`. Because the dict is a `defaultdict(list)`, each lookup on a novel thread ID creates a fresh empty list, making the assertion vacuously true. Duplicate thread IDs within a process are never caught. Line 242 immediately below uses the correct key `process_id` when appending, so the data structure is populated correctly; only the guard was broken.
Co-Authored-By: Claude Sonnet 4.6
---
 CHANGELOG.md | 1 +
 capa/features/extractors/vmray/__init__.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 722cb3f3..65f41439 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,6 +26,7 @@
 - fix: remove unreachable backports.functools_lru_cache fallback and dead dependency @williballenthin
 - fix: add missing ELF branch in get_format_from_extension for .elf_ files @williballenthin #3031
 - fix: Scopes.from_dict uses cls instead of self so subclasses return the correct type @williballenthin
+- fix: correct wrong dict key in VMRay _compute_monitor_threads assertion (used thread_id instead of process_id) @williballenthin
 ### capa Explorer Web
diff --git a/capa/features/extractors/vmray/__init__.py b/capa/features/extractors/vmray/__init__.py
index 0eaf0d4c..07ff35d7 100644
--- a/capa/features/extractors/vmray/__init__.py
+++ b/capa/features/extractors/vmray/__init__.py
@@ -237,7 +237,7 @@ class VMRayAnalysis:
 # we expect each monitor thread ID to be unique for its associated monitor process ID e.g. monitor
 # thread ID 10 should not be captured twice for monitor process ID 1
- assert monitor_thread.thread_id not in self.monitor_threads_by_monitor_process[monitor_thread.thread_id]
+ assert monitor_thread.thread_id not in self.monitor_threads_by_monitor_process[monitor_thread.process_id]
 self.monitor_threads_by_monitor_process[monitor_thread.process_id].append(monitor_thread.thread_id)
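Review bot: The uniqueness guard on the `+` line is still an `assert`, so it is compiled out under `python -O`, and when it does fire on a report with a repeated thread ID it surfaces as a bare AssertionError with no process or thread context. Because this fix makes the check effective for the first time, reports that previously loaded may now abort here. An explicit check such as `if monitor_thread.thread_id in self.monitor_threads_by_monitor_process[monitor_thread.process_id]: raise ValueError(f"duplicate monitor thread {monitor_thread.thread_id} for monitor process {monitor_thread.process_id}")` would keep the invariant enforced in optimized runs and give a diagnosable error. A regression test that feeds the same thread ID twice for one process would pin the corrected key. `_compute_monitor_threads` starts and ends outside the hunk, so the surrounding loop is not visible here.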