[Forensics-changes] [yara] 322/415: Use string chaining for every jump over a given threshold

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:43:19 UTC 2014 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit 5521bfecce291173b92b2eec3804fca8edc29250
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date:   Fri Dec 20 13:47:47 2013 +0100

    Use string chaining for every jump over a given threshold
---
 libyara/parser.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/libyara/parser.c b/libyara/parser.c
index 6d04886..a04caf1 100644
--- a/libyara/parser.c
+++ b/libyara/parser.c
@@ -375,6 +375,9 @@ YR_STRING* yr_parser_reduce_string_declaration(
   int min_atom_length;
   int min_atom_length_aux;
 
+  int32_t min_gap;
+  int32_t max_gap;
+
   char* file_name;
   char message[512];
 
@@ -433,7 +436,7 @@ YR_STRING* yr_parser_reduce_string_declaration(
       flags |= STRING_GFLAGS_FAST_HEX_REGEXP;
 
     compiler->last_result = yr_re_split_at_chaining_point(
-        re, &re, &remainder_re);
+        re, &re, &remainder_re, &min_gap, &max_gap);
 
     if (compiler->last_result != ERROR_SUCCESS)
       goto _exit;
@@ -451,8 +454,11 @@ YR_STRING* yr_parser_reduce_string_declaration(
       goto _exit;
 
     if (remainder_re != NULL)
-      string->g_flags |= STRING_GFLAGS_CHAIN_TAIL |
-                         STRING_GFLAGS_CHAIN_PART;
+    {
+      string->g_flags |= STRING_GFLAGS_CHAIN_TAIL | STRING_GFLAGS_CHAIN_PART;
+      string->chain_gap_min = min_gap;
+      string->chain_gap_max = max_gap;
+    }
 
     while (remainder_re != NULL)
     {
@@ -462,7 +468,7 @@ YR_STRING* yr_parser_reduce_string_declaration(
       yr_re_destroy(re);
 
       compiler->last_result = yr_re_split_at_chaining_point(
-          remainder_re, &re, &remainder_re);
+          remainder_re, &re, &remainder_re, &min_gap, &max_gap);
 
       if (compiler->last_result != ERROR_SUCCESS)
         goto _exit;
@@ -485,6 +491,9 @@ YR_STRING* yr_parser_reduce_string_declaration(
         min_atom_length = min_atom_length_aux;
 
       string->g_flags |= STRING_GFLAGS_CHAIN_PART;
+      string->chain_gap_min = min_gap;
+      string->chain_gap_max = max_gap;
+
       prev_string->chained_to = string;
     }
   }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list