Fix regression in export parsing.

UPX packed files will cause export parsing to stop parsing because the function
address is not a valid RVA, and I was refusing to parse that export in that
case.

This is a regression from how we used to do parsing (we were never checking the
export RVA so it was never considered in prior releases). This is causing rules
which used to work to no longer work on packed samples. Specifically, checking
for a DLL which is UPX packed using pe.exports("foo") is likely to not work in
4.0.0 when it used to work in 3.11.0.

Apologies for missing this, but to make sure it doesn't happen again in the
future I've added a test case for this (just packed an existing DLL that is in
the repo).

Author: wxsBSD

libyara/modules/pe/pe.c

@@ -1218,13 +1218,13 @@ static void pe_parse_exports(
 
   for (i = 0; i < number_of_exports; i++)
   {
-    offset = pe_rva_to_offset(pe, yr_le32toh(function_addrs[i]));
-    if (offset <= 0)
-      continue;
-
     set_integer(
         ordinal_base + i, pe->object, "export_details[%i].ordinal", exp_sz);
 
+    // Don't check for a failure here since some packers make this an invalid
+    // value.
+    offset = pe_rva_to_offset(pe, yr_le32toh(function_addrs[i]));
+
     if (offset > export_start && offset < export_start + export_size)
     {
       remaining = pe->data_size - (size_t) offset;

tests/data/079a472d22290a94ebb212aa8015cdc8dd28a968c6b4d3b88acdd58ce2d3b885.upx

@@ -279,6 +279,15 @@ int main(int argc, char** argv)
       }",
       "tests/data/mtxex.dll");
 
+  assert_true_rule_file(
+      "import \"pe\" \
+      rule test { \
+        condition: \
+          pe.export_details[0].name == \"CP_PutItem\" \
+      }",
+      "tests/data/079a472d22290a94ebb212aa8015cdc8dd28a968c6b4d3b88acdd58ce2d3b885.upx");
+
+
   assert_true_rule_file(
       "import \"pe\" \
       rule test { \