From a1015aa3a9b7a73077680a440fe924345b51c032 Mon Sep 17 00:00:00 2001
From: "Victor M. Alvarez" <vmalvarez@virustotal.com>
Date: Thu, 28 Dec 2023 17:34:23 +0100
Subject: [PATCH] `math.percentage` returns undefined value when the passed
 value is outside the 0-255 range.

---
 libyara/modules/math/math.c | 10 ++++++++--
 tests/test-math.c           | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/libyara/modules/math/math.c b/libyara/modules/math/math.c
index 24d52a95ce..b4de56e514 100644
--- a/libyara/modules/math/math.c
+++ b/libyara/modules/math/math.c
@@ -658,10 +658,13 @@ define_function(count_global)
 
 define_function(percentage_range)
 {
-  uint8_t byte = (uint8_t) integer_argument(1);
+  int64_t byte = integer_argument(1);
   int64_t offset = integer_argument(2);
   int64_t length = integer_argument(3);
 
+  if (byte < 0 || byte > 255)
+    return_float(YR_UNDEFINED);
+
   YR_SCAN_CONTEXT* context = yr_scan_context();
 
   uint32_t* distribution = get_distribution(offset, length, context);
@@ -681,7 +684,10 @@ define_function(percentage_range)
 
 define_function(percentage_global)
 {
-  uint8_t byte = (uint8_t) integer_argument(1);
+  int64_t byte = integer_argument(1);
+
+  if (byte < 0 || byte > 255)
+    return_float(YR_UNDEFINED);
 
   YR_SCAN_CONTEXT* context = yr_scan_context();
 
diff --git a/tests/test-math.c b/tests/test-math.c
index 410a747941..bc2acae6ac 100644
--- a/tests/test-math.c
+++ b/tests/test-math.c
@@ -127,6 +127,38 @@ int main(int argc, char** argv)
       }",
       "ABABCDEF");
 
+  assert_true_rule_blob(
+      "import \"math\" \
+      rule test { \
+        condition: \
+          not defined math.percentage(0x41, 0, 0) \
+      }",
+      "AABAAB");
+
+  assert_true_rule_blob(
+      "import \"math\" \
+      rule test { \
+        condition: \
+          not defined math.percentage(0x41, 10, 3)  \
+      }",
+      "AABAAB");
+
+  assert_true_rule_blob(
+      "import \"math\" \
+      rule test { \
+        condition: \
+          not defined math.percentage(0x41, 0, -3)  \
+      }",
+      "AABAAB");
+
+  assert_true_rule_blob(
+      "import \"math\" \
+      rule test { \
+        condition: \
+          not defined math.percentage(-1)  \
+      }",
+      "AABAAB");
+
   assert_true_rule_blob(
       "import \"math\" \
       rule test { \