Handle the case where no common item is found from an empty set.

2 files changed, 26 insertions, 0 deletions

diff --git a/src/analysis/scan/items/maxcommon.c b/src/analysis/scan/items/maxcommon.c
index 2fe561f..e8c4db3 100644
--- a/src/analysis/scan/items/maxcommon.c
+++ b/src/analysis/scan/items/maxcommon.c
@@ -300,6 +300,12 @@ static bool g_scan_maxcommon_function_run_call(GScanMaxcommonFunction *item, GSc
         collected = malloc(arg0_count * sizeof(GScanExpression *));
         scores = malloc(arg0_count * sizeof(size_t));
 
+        if (arg0_count == 0)
+        {
+            best = 0;
+            goto quick_empty;
+        }
+
         for (i = 0; i < arg0_count; i++)
         {
 #ifndef NDEBUG
@@ -357,6 +363,8 @@ static bool g_scan_maxcommon_function_run_call(GScanMaxcommonFunction *item, GSc
 
     assert(best > 0);
 
+ quick_empty:
+
     *out = G_OBJECT(g_scan_literal_expression_new(LVT_UNSIGNED_INTEGER, (unsigned long long []){ best }));
 
  exit:
diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py
index 61f4117..9572774 100644
--- a/tests/analysis/scan/fuzzing.py
+++ b/tests/analysis/scan/fuzzing.py
@@ -123,3 +123,21 @@ rule test {
 '''
 
         self.check_rule_success(rule)
+
+
+    def testNoCommon(self):
+        """Handle the case where no common item is found from an empty set."""
+
+        rule = '''
+rule test {
+
+   bytes:
+        $a = "a"
+
+   condition:
+      maxcommon($a) == 0
+
+}
+'''
+
+        self.check_rule_success(rule)