[Forensics-changes] [yara] 320/415: Simplify match tracking.
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:19 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit c17b26d61b71a2e8cd19e6a80d8012c577646e33
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu Dec 19 20:29:08 2013 +0100
Simplify match tracking.
The previous approach was more memory-efficient in some situations, but introduced some complexity and make the code bug-prone. This simplification will also facilitate further improvement of the unbound jumps feature.
---
libyara/exec.c | 19 ++++++++-----------
libyara/rules.c | 28 ++++++----------------------
libyara/yara.h | 4 +---
yara-python/yara-python.c | 2 +-
yara.c | 2 +-
5 files changed, 17 insertions(+), 38 deletions(-)
diff --git a/libyara/exec.c b/libyara/exec.c
index 84cdc26..1e7170e 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -350,14 +350,14 @@ int yr_execute_code(
while (match != NULL)
{
- if (r1 >= match->first_offset && r1 <= match->last_offset)
+ if (r1 == match->offset)
{
push(1);
found = 1;
break;
}
- if (r1 < match->first_offset)
+ if (r1 < match->offset)
break;
match = match->next;
@@ -385,15 +385,13 @@ int yr_execute_code(
while (match != NULL && !found)
{
- if ((match->first_offset >= r1 && match->first_offset <= r2) ||
- (match->last_offset >= r1 && match->last_offset <= r2) ||
- (match->first_offset <= r1 && match->last_offset >= r2))
+ if (match->offset >= r1 && match->offset <= r2)
{
push(1);
found = TRUE;
}
- if (match->first_offset > r2)
+ if (match->offset > r2)
break;
match = match->next;
@@ -411,7 +409,7 @@ int yr_execute_code(
found = 0;
while (match != NULL)
{
- found += match->last_offset - match->first_offset + 1;
+ found++;
match = match->next;
}
push(found);
@@ -434,14 +432,13 @@ int yr_execute_code(
while (match != NULL && !found)
{
- if (r1 >= i &&
- r1 <= i + match->last_offset - match->first_offset)
+ if (r1 == i)
{
- push(match->first_offset + r1 - i);
+ push(match->offset);
found = TRUE;
}
- i += match->last_offset - match->first_offset + 1;
+ i++;
match = match->next;
}
diff --git a/libyara/rules.c b/libyara/rules.c
index e12b76f..104db1d 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -318,7 +318,7 @@ void _yr_scan_confirm_matches(
{
next_match = match->next;
- if (match_offset >= match->first_offset + match->length)
+ if (match_offset >= match->offset + match->length)
{
if (match->prev != NULL)
match->prev->next = match->next;
@@ -334,7 +334,7 @@ void _yr_scan_confirm_matches(
match->prev = string->chained_to->matches[tidx].tail;
match->next = NULL;
- match->length = match_offset - match->first_offset + match_length;
+ match->length = match_offset - match->offset + match_length;
if (string->chained_to->matches[tidx].head == NULL)
string->chained_to->matches[tidx].head = match;
@@ -345,7 +345,7 @@ void _yr_scan_confirm_matches(
string->chained_to->matches[tidx].tail = match;
_yr_scan_confirm_matches(
- tidx, string->chained_to, match->first_offset, match->length);
+ tidx, string->chained_to, match->offset, match->length);
}
match = next_match;
@@ -429,26 +429,11 @@ void _yr_rules_match_callback(
{
if (match_length == match->length)
{
- if (match_offset >= match->first_offset &&
- match_offset <= match->last_offset)
- {
- return;
- }
-
- if (match_offset == match->last_offset + 1)
- {
- match->last_offset++;
+ if (match_offset == match->offset)
return;
- }
-
- if (match_offset == match->first_offset - 1)
- {
- match->first_offset--;
- return;
- }
}
- if (match_offset > match->last_offset)
+ if (match_offset > match->offset)
break;
match = match->prev;
@@ -459,8 +444,7 @@ void _yr_rules_match_callback(
sizeof(YR_MATCH),
(void**) &new_match);
- new_match->first_offset = match_offset;
- new_match->last_offset = match_offset;
+ new_match->offset = match_offset;
new_match->length = match_length;
new_match->data = match_data;
diff --git a/libyara/yara.h b/libyara/yara.h
index 3512495..aff92f0 100644
--- a/libyara/yara.h
+++ b/libyara/yara.h
@@ -304,9 +304,7 @@ typedef struct _YR_MATCH
{
uint8_t* data;
uint32_t length;
-
- int64_t first_offset;
- int64_t last_offset;
+ int64_t offset;
struct _YR_MATCH* prev;
struct _YR_MATCH* next;
diff --git a/yara-python/yara-python.c b/yara-python/yara-python.c
index e63d1ab..fc20f3e 100644
--- a/yara-python/yara-python.c
+++ b/yara-python/yara-python.c
@@ -373,7 +373,7 @@ int yara_callback(
tuple = Py_BuildValue(
"(L,s,O)",
- m->first_offset,
+ m->offset,
string->identifier,
object);
diff --git a/yara.c b/yara.c
index 24298ef..6a67bc5 100644
--- a/yara.c
+++ b/yara.c
@@ -545,7 +545,7 @@ int handle_message(int message, YR_RULE* rule, void* data)
while (match != NULL)
{
- printf("0x%" PRIx64 ":%s: ", match->first_offset, string->identifier);
+ printf("0x%" PRIx64 ":%s: ", match->offset, string->identifier);
if (STRING_IS_HEX(string))
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list