Merge pull request #1082 from mandiant/fix/addr-check

check address value
2026-02-04 19:12:01 -08:00 · 2022-07-01 08:49:17 -06:00
parent 7bd49b56c4 9f4479582a
commit 22bc26905f
1 changed files with 2 additions and 1 deletions
--- a/capa/features/extractors/viv/insn.py
+++ b/capa/features/extractors/viv/insn.py
@@ -502,7 +502,8 @@ def extract_function_calls_from(fh: FunctionHandle, bb, ih: InsnHandle) -> Itera
    # see Lab21-01.exe_:0x140001178
    elif isinstance(insn.opers[0], envi.archs.i386.disasm.i386PcRelOper):
        target = insn.opers[0].getOperValue(insn)
-        yield Characteristic("calls from"), AbsoluteVirtualAddress(target)
+        if target >= 0:
+            yield Characteristic("calls from"), AbsoluteVirtualAddress(target)

    # call via IAT, x64
    elif isinstance(insn.opers[0], envi.archs.amd64.disasm.Amd64RipRelOper):