[Forensics-changes] [yara] 18/135: Fix issue caused by regexp code spanning over non-contiguous arena pages

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:27:28 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.1.0
in repository yara.

commit 79304f37e9a38839660ca1f984ba8cf3278bc64e
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date:   Wed May 14 11:26:57 2014 +0200

    Fix issue caused by regexp code spanning over non-contiguous arena pages
---
 libyara/arena.c | 51 ++++++++++++++++++++++++++++++++++++++++-----------
 libyara/arena.h |  5 +++++
 libyara/re.c    | 20 ++++++++++++++++++--
 3 files changed, 63 insertions(+), 13 deletions(-)

diff --git a/libyara/arena.c b/libyara/arena.c
index 9ceaf37..9b8ff30 100644
--- a/libyara/arena.c
+++ b/libyara/arena.c
@@ -489,30 +489,34 @@ int yr_arena_coalesce(
 
 
 //
-// yr_arena_allocate_memory
+// yr_arena_reserve_memory
 //
-// Allocates memory within the arena.
+// Ensures that the arena have enough contiguous memory for future allocations.
+// if the available space in the current page is lower than "size", a new page
+// is allocated.
 //
 // Args:
-//    YR_ARENA* arena - Pointer to the arena.
-//    size_t size - Size of the region to be allocated.
-//    void** allocated_memory - Address of a pointer to newly allocated
-//                              region.
+//    YR_ARENA* arena         - Pointer to the arena.
+//    size_t size             - Size of the region to be reserved.
+//
 // Returns:
 //    ERROR_SUCCESS if succeed or the corresponding error code otherwise.
 //
 
-int yr_arena_allocate_memory(
+
+int yr_arena_reserve_memory(
     YR_ARENA* arena,
-    size_t size,
-    void** allocated_memory)
+    size_t size)
 {
+  YR_ARENA_PAGE* new_page;
   size_t new_page_size;
   void* new_page_address;
-  YR_ARENA_PAGE* new_page;
 
   if (size > free_space(arena->current_page))
   {
+    if (arena->flags & ARENA_FLAGS_FIXED_SIZE)
+      return ERROR_INSUFICIENT_MEMORY;
+
     // Requested space is bigger than current page's empty space,
     // lets calculate the size for a new page.
 
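Review bot: The header comment for `yr_arena_reserve_memory` does not say that the reservation is not held. Nothing visible in this hunk records the reserved size, so it appears to be only a guarantee about the current page at the moment of return, and any allocation made in between consumes it. I would add `// The reservation is not persistent: it only guarantees that the next "size" bytes allocated come from a single page.` to the comment. The Returns section should also list `ERROR_INSUFICIENT_MEMORY` for arenas flagged `ARENA_FLAGS_FIXED_SIZE`. The function body continues outside the hunk.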
@@ -552,13 +556,37 @@ int yr_arena_allocate_memory(
     }
   }
 
+  return ERROR_SUCCESS;
+}
+
+
+//
+// yr_arena_allocate_memory
+//
+// Allocates memory within the arena.
+//
+// Args:
+//    YR_ARENA* arena         - Pointer to the arena.
+//    size_t size             - Size of the region to be allocated.
+//    void** allocated_memory - Address of a pointer to newly allocated
+//                              region.
+// Returns:
+//    ERROR_SUCCESS if succeed or the corresponding error code otherwise.
+//
+
+int yr_arena_allocate_memory(
+    YR_ARENA* arena,
+    size_t size,
+    void** allocated_memory)
+{
+  FAIL_ON_ERROR(yr_arena_reserve_memory(arena, size));
+
   *allocated_memory = arena->current_page->address + \
                       arena->current_page->used;
 
   arena->current_page->used += size;
 
   return ERROR_SUCCESS;
-
 }
 
 
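Review bot: In the new `yr_arena_allocate_memory`, `*allocated_memory` is left untouched when `yr_arena_reserve_memory` fails, presumably because `FAIL_ON_ERROR` returns before the assignment. A caller that does not check the return code then continues with whatever value the pointer held before, possibly an uninitialized one. Setting `*allocated_memory = NULL;` before the `FAIL_ON_ERROR(...)` line would make that failure deterministic, and the header comment should state that the out parameter is NULL on error.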
@@ -744,6 +772,7 @@ int yr_arena_append(
     YR_ARENA* source_arena)
 {
   target_arena->current_page->next = source_arena->page_list_head;
+  source_arena->page_list_head->prev = target_arena->current_page;
   target_arena->current_page = source_arena->current_page;
 
   yr_free(source_arena);
diff --git a/libyara/arena.h b/libyara/arena.h
index bde1b8e..1bdcd0e 100644
--- a/libyara/arena.h
+++ b/libyara/arena.h
@@ -50,6 +50,11 @@ int yr_arena_coalesce(
     YR_ARENA* arena);
 
 
+int yr_arena_reserve_memory(
+    YR_ARENA* arena,
+    size_t size);
+
+
 int yr_arena_allocate_memory(
     YR_ARENA* arena,
     size_t size,
diff --git a/libyara/re.c b/libyara/re.c
index ba5eadd..a93fddd 100644
--- a/libyara/re.c
+++ b/libyara/re.c
@@ -42,8 +42,10 @@ order to avoid confusion with operating system threads.
 #include "re.h"
 
 
-#define RE_MAX_STACK    1024
-#define RE_SCAN_LIMIT   4096
+#define RE_MAX_STACK      1024
+#define RE_MAX_CODE_SIZE  4096
+#define RE_SCAN_LIMIT     4096
+
 
 #define EMIT_BACKWARDS                1
 #define DONT_UPDATE_FORWARDS_CODE     2
@@ -938,7 +940,14 @@ int yr_re_emit_code(
 {
   int code_size;
 
+  // Ensure that we have enough contiguos memory space in the arena to
+  // contain the regular expression code. The code can't span over multiple
+  // non-contiguos pages.
+
+  yr_arena_reserve_memory(arena, RE_MAX_CODE_SIZE);
+
   // Emit code for matching the regular expressions forwards.
+
   FAIL_ON_ERROR(_yr_re_emit(
       re->root_node,
       arena,
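Review bot: The result of `yr_arena_reserve_memory(arena, RE_MAX_CODE_SIZE);` is discarded here, and again at the second call before the backwards pass in the next hunk. The arena.c part of this commit makes that function return `ERROR_INSUFICIENT_MEMORY` for fixed-size arenas (and presumably also when a new page cannot be allocated). On failure, emission therefore proceeds without the contiguity guarantee that the new comment says the regexp code depends on. Both calls should be wrapped like their neighbours: `FAIL_ON_ERROR(yr_arena_reserve_memory(arena, RE_MAX_CODE_SIZE));`. The body of `yr_re_emit_code` starts and ends outside this hunk.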
@@ -946,13 +955,18 @@ int yr_re_emit_code(
       NULL,
       &code_size));
 
+  assert(code_size < RE_MAX_CODE_SIZE);
+
   FAIL_ON_ERROR(_yr_emit_inst(
       arena,
       RE_OPCODE_MATCH,
       NULL,
       &code_size));
 
+  yr_arena_reserve_memory(arena, RE_MAX_CODE_SIZE);
+
   // Emit code for matching the regular expressions backwards.
+
   FAIL_ON_ERROR(_yr_re_emit(
       re->root_node,
       arena,
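Review bot: `assert(code_size < RE_MAX_CODE_SIZE);` is the only enforcement of the code-size limit, here and after the backwards pass in the following hunk. It is compiled out under NDEBUG, and it runs after `_yr_re_emit` has already written the code, so an oversized regular expression has by then either spilled past the reserved space or, in a debug build, aborts the process; the code size depends on the regular expression in the rule being compiled. A runtime check that returns an error is safer, for example `if (code_size >= RE_MAX_CODE_SIZE) return <ERROR_CODE>;`, where `<ERROR_CODE>` is a placeholder for whichever libyara error code fits, and ideally the limit is enforced during emission rather than afterwards. The hunk does not show `<assert.h>` being included in re.c, so confirm it is already in scope.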
@@ -960,6 +974,8 @@ int yr_re_emit_code(
       NULL,
       &code_size));
 
+  assert(code_size < RE_MAX_CODE_SIZE);
+
   FAIL_ON_ERROR(_yr_emit_inst(
       arena,
       RE_OPCODE_MATCH,

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


