diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0f0e39dc..08bfe6e5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -97,6 +97,7 @@
 - fix: use dest.value.value and indirect_src.value.value for LLIL_CONST call destinations in binja insn.py @williballenthin (SURF-47)
 - fix: remove duplicate getPrevLocation call and dead loc variable in get_previous_instructions @williballenthin (SURF-46)
 - fix: unpack getByteDef offset and slice buffer so ENDBRANCH check applies to target address, not segment start @williballenthin (SURF-45)
+- fix: guard getByteDef against None return for unmapped addresses in viv insn extractor @williballenthin #3057
 - fix: correct inverted loop structure in extract_function_loop so each block edge is recorded as (src, dest) @williballenthin (SURF-44)
 - fix: initialize addr to None in Ghidra import extractors to prevent UnboundLocalError when external functions have no data references @williballenthin (SURF-43)
 - fix: replace assert with isinstance guard in get_callee for invalid MethodSpec tokens @williballenthin
diff --git a/capa/features/extractors/viv/insn.py b/capa/features/extractors/viv/insn.py
index c126ad27..cd89a491 100644
--- a/capa/features/extractors/viv/insn.py
+++ b/capa/features/extractors/viv/insn.py
@@ -142,9 +142,11 @@ def extract_insn_api_features(fh: FunctionHandle, bb, ih: InsnHandle) -> Iterato
 break
 # if jump leads to an ENDBRANCH instruction, skip it
- _offset, _buf = f.vw.getByteDef(target)
- if _buf[_offset:].startswith(b"\xf3\x0f\x1e"):
- target += 4
+ byte_def = f.vw.getByteDef(target)
+ if byte_def:
+ _offset, _buf = byte_def
+ if _buf[_offset:].startswith(b"\xf3\x0f\x1e"):
+ target += 4
 target = capa.features.extractors.viv.helpers.get_coderef_from(f.vw, target)
 if not target:
diff --git a/capa/loader.py b/capa/loader.py
index 5eaa25a0..5b86ac1a 100644
--- a/capa/loader.py
+++ b/capa/loader.py
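Review bot: In the `capa/features/extractors/viv/insn.py` hunk, when `getByteDef` returns None the new guard only skips the ENDBRANCH check, and the unmapped `target` is still passed to `get_coderef_from(f.vw, target)` a few lines later; whether that helper tolerates an unmapped address is not visible in this hunk. Because this extractor runs on untrusted samples, I would make the intent explicit with `if byte_def is None:` followed by `break`, or at least a comment saying the fall-through is deliberate, and test `is not None` rather than truthiness. Separately, the check matches only the three-byte prefix `f3 0f 1e` but advances four bytes; `startswith((b"\xf3\x0f\x1e\xfa", b"\xf3\x0f\x1e\xfb"))` would accept only endbr64 and endbr32. The enclosing function and its loop start and end outside the hunk, so the loop structure is inferred.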
@@ -21,8 +21,6 @@ from pathlib import Path
 from rich.console import Console
-from capa.helpers import assert_never
-
 import capa.rules
 import capa.helpers
 import capa.version
@@ -34,6 +32,7 @@ import capa.render.result_document as rdoc
 import capa.features.extractors.common
 from capa.rules import RuleSet
 from capa.engine import MatchResults
+from capa.helpers import assert_never
 from capa.exceptions import (
 UnsupportedOSError,
 UnsupportedArchError,
diff --git a/capa/render/verbose.py b/capa/render/verbose.py
index 0bbae69e..4afb4638 100644
--- a/capa/render/verbose.py
+++ b/capa/render/verbose.py
@@ -37,12 +37,12 @@ from rich.table import Table
 import capa.rules
 import capa.helpers
 import capa.render.utils as rutils
-from capa.helpers import assert_never
 import capa.features.freeze as frz
 import capa.features.address
 import capa.render.result_document as rd
 from capa.rules import RuleSet
 from capa.engine import MatchResults
+from capa.helpers import assert_never
 from capa.render.utils import Console
diff --git a/capa/render/vverbose.py b/capa/render/vverbose.py
index 833b81c5..b6b13163 100644
--- a/capa/render/vverbose.py
+++ b/capa/render/vverbose.py
@@ -22,7 +22,6 @@ from rich.table import Table
 import capa.rules
 import capa.helpers
 import capa.render.utils as rutils
-from capa.helpers import assert_never
 import capa.render.verbose
 import capa.features.common
 import capa.features.freeze as frz
@@ -31,6 +30,7 @@ import capa.render.result_document as rd
 import capa.features.freeze.features as frzf
 from capa.rules import RuleSet
 from capa.engine import MatchResults
+from capa.helpers import assert_never
 from capa.render.utils import Console
 logger = logging.getLogger(__name__)