[Forensics-changes] [yara] 63/407: Fix issue #181
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:28:10 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.3.0
in repository yara.
commit 0763b7aee2b5eede987a1dea3271671f5a69f9cf
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Wed Sep 24 18:09:17 2014 +0200
Fix issue #181
---
libyara/exec.c | 28 +++++++----
libyara/grammar.c | 8 ++--
libyara/grammar.y | 8 ++--
libyara/include/yara/exec.h | 110 ++++++++++++++++++++++----------------------
yara-python/tests.py | 3 +-
5 files changed, 86 insertions(+), 71 deletions(-)
diff --git a/libyara/exec.c b/libyara/exec.c
index fa7a90c..6611e81 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -205,7 +205,7 @@ int yr_execute_code(
if (IS_UNDEFINED(r1) || IS_UNDEFINED(r2))
push(0);
else
- push(r1 & r2);
+ push(r1 && r2);
break;
case OP_OR:
@@ -216,7 +216,7 @@ int yr_execute_code(
else if (IS_UNDEFINED(r2))
push(r1);
else
- push(r1 | r2);
+ push(r1 || r2);
break;
case OP_NOT:
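Review bot: The undefined-operand branch of `OP_OR` visible here still does `push(r1);`, so it pushes the raw integer while the defined branch now pushes a normalised 0/1 from `r1 || r2`. This is harmless as long as every consumer only tests for non-zero, but it leaves the logical opcodes with two result conventions. For consistency, consider `push(r1 != 0);` here and the matching change in the r1-undefined branch, which starts above this hunk. If the raw value is pushed on purpose, a one-line comment saying so would be enough.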
@@ -325,11 +325,6 @@ int yr_execute_code(
push(OPERATION(%, r1, r2));
break;
- case OP_NEG:
- pop(r1);
- push(IS_UNDEFINED(r1) ? UNDEFINED : ~r1);
- break;
-
case OP_SHR:
pop(r2);
pop(r1);
@@ -342,7 +337,24 @@ int yr_execute_code(
push(OPERATION(<<, r1, r2));
break;
- case OP_XOR:
+ case OP_BITWISE_NOT:
+ pop(r1);
+ push(IS_UNDEFINED(r1) ? UNDEFINED : ~r1);
+ break;
+
+ case OP_BITWISE_AND:
+ pop(r2);
+ pop(r1);
+ push(OPERATION(&, r1, r2));
+ break;
+
+ case OP_BITWISE_OR:
+ pop(r2);
+ pop(r1);
+ push(OPERATION(|, r1, r2));
+ break;
+
+ case OP_BITWISE_XOR:
pop(r2);
pop(r1);
push(OPERATION(^, r1, r2));
diff --git a/libyara/grammar.c b/libyara/grammar.c
index 0de2769..cca0f5e 100644
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@ -3501,7 +3501,7 @@ yyreduce:
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
- yr_parser_emit(yyscanner, OP_XOR, NULL);
+ yr_parser_emit(yyscanner, OP_BITWISE_XOR, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
(yyval.expression).value.integer = OPERATION(^, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
@@ -3514,7 +3514,7 @@ yyreduce:
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
- yr_parser_emit(yyscanner, OP_AND, NULL);
+ yr_parser_emit(yyscanner, OP_BITWISE_AND, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
(yyval.expression).value.integer = OPERATION(&, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
@@ -3527,7 +3527,7 @@ yyreduce:
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "|");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "|");
- yr_parser_emit(yyscanner, OP_OR, NULL);
+ yr_parser_emit(yyscanner, OP_BITWISE_OR, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
(yyval.expression).value.integer = OPERATION(|, (yyvsp[(1) - (3)].expression).value.integer, (yyvsp[(3) - (3)].expression).value.integer);
@@ -3539,7 +3539,7 @@ yyreduce:
{
CHECK_TYPE((yyvsp[(2) - (2)].expression), EXPRESSION_TYPE_INTEGER, "~");
- yr_parser_emit(yyscanner, OP_NEG, NULL);
+ yr_parser_emit(yyscanner, OP_BITWISE_NOT, NULL);
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
(yyval.expression).value.integer = ((yyvsp[(2) - (2)].expression).value.integer == UNDEFINED) ?
diff --git a/libyara/grammar.y b/libyara/grammar.y
index e118385..a7c8b98 100644
--- a/libyara/grammar.y
+++ b/libyara/grammar.y
@@ -1719,7 +1719,7 @@ primary_expression
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "^");
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "^");
- yr_parser_emit(yyscanner, OP_XOR, NULL);
+ yr_parser_emit(yyscanner, OP_BITWISE_XOR, NULL);
$$.type = EXPRESSION_TYPE_INTEGER;
$$.value.integer = OPERATION(^, $1.value.integer, $3.value.integer);
@@ -1729,7 +1729,7 @@ primary_expression
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "^");
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "^");
- yr_parser_emit(yyscanner, OP_AND, NULL);
+ yr_parser_emit(yyscanner, OP_BITWISE_AND, NULL);
$$.type = EXPRESSION_TYPE_INTEGER;
$$.value.integer = OPERATION(&, $1.value.integer, $3.value.integer);
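Review bot: Both `CHECK_TYPE` calls in the rule that now emits `OP_BITWISE_AND` pass `"^"` as the operator name, so a type error on `&` would presumably be reported against the wrong operator. They should read `CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "&");` and `CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "&");`. The same strings appear in the corresponding grammar.c hunk, which would pick up the fix once the parser is regenerated. The rule's opening lines are outside this hunk.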
@@ -1739,7 +1739,7 @@ primary_expression
CHECK_TYPE($1, EXPRESSION_TYPE_INTEGER, "|");
CHECK_TYPE($3, EXPRESSION_TYPE_INTEGER, "|");
- yr_parser_emit(yyscanner, OP_OR, NULL);
+ yr_parser_emit(yyscanner, OP_BITWISE_OR, NULL);
$$.type = EXPRESSION_TYPE_INTEGER;
$$.value.integer = OPERATION(|, $1.value.integer, $3.value.integer);
@@ -1748,7 +1748,7 @@ primary_expression
{
CHECK_TYPE($2, EXPRESSION_TYPE_INTEGER, "~");
- yr_parser_emit(yyscanner, OP_NEG, NULL);
+ yr_parser_emit(yyscanner, OP_BITWISE_NOT, NULL);
$$.type = EXPRESSION_TYPE_INTEGER;
$$.value.integer = ($2.value.integer == UNDEFINED) ?
diff --git a/libyara/include/yara/exec.h b/libyara/include/yara/exec.h
index 5254425..83f5c36 100644
--- a/libyara/include/yara/exec.h
+++ b/libyara/include/yara/exec.h
@@ -30,60 +30,62 @@ limitations under the License.
#define OP_AND 1
#define OP_OR 2
-#define OP_XOR 3
-#define OP_NOT 4
-#define OP_LT 5
-#define OP_GT 6
-#define OP_LE 7
-#define OP_GE 8
-#define OP_EQ 9
-#define OP_NEQ 10
-#define OP_SZ_EQ 11
-#define OP_SZ_NEQ 12
-#define OP_SZ_TO_BOOL 13
-#define OP_ADD 14
-#define OP_SUB 15
-#define OP_MUL 16
-#define OP_DIV 17
-#define OP_MOD 18
-#define OP_NEG 19
-#define OP_SHL 20
-#define OP_SHR 21
-#define OP_PUSH 22
-#define OP_POP 23
-#define OP_CALL 24
-#define OP_OBJ_LOAD 25
-#define OP_OBJ_VALUE 26
-#define OP_OBJ_FIELD 27
-#define OP_INDEX_ARRAY 28
-#define OP_STR_COUNT 29
-#define OP_STR_FOUND 30
-#define OP_STR_FOUND_AT 31
-#define OP_STR_FOUND_IN 32
-#define OP_STR_OFFSET 33
-#define OP_OF 34
-#define OP_PUSH_RULE 35
-#define OP_MATCH_RULE 36
-#define OP_INCR_M 37
-#define OP_CLEAR_M 38
-#define OP_ADD_M 39
-#define OP_POP_M 40
-#define OP_PUSH_M 41
-#define OP_SWAPUNDEF 42
-#define OP_JNUNDEF 43
-#define OP_JLE 44
-#define OP_FILESIZE 45
-#define OP_ENTRYPOINT 46
-#define OP_INT8 47
-#define OP_INT16 48
-#define OP_INT32 49
-#define OP_UINT8 50
-#define OP_UINT16 51
-#define OP_UINT32 52
-#define OP_CONTAINS 53
-#define OP_MATCHES 54
-#define OP_IMPORT 55
-#define OP_LOOKUP_DICT 56
+#define OP_NOT 3
+#define OP_LT 4
+#define OP_GT 5
+#define OP_LE 6
+#define OP_GE 7
+#define OP_EQ 8
+#define OP_NEQ 9
+#define OP_SZ_EQ 10
+#define OP_SZ_NEQ 11
+#define OP_SZ_TO_BOOL 12
+#define OP_ADD 13
+#define OP_SUB 14
+#define OP_MUL 15
+#define OP_DIV 16
+#define OP_MOD 17
+#define OP_BITWISE_NOT 18
+#define OP_BITWISE_AND 19
+#define OP_BITWISE_OR 20
+#define OP_BITWISE_XOR 21
+#define OP_SHL 22
+#define OP_SHR 23
+#define OP_PUSH 24
+#define OP_POP 25
+#define OP_CALL 26
+#define OP_OBJ_LOAD 27
+#define OP_OBJ_VALUE 28
+#define OP_OBJ_FIELD 29
+#define OP_INDEX_ARRAY 30
+#define OP_STR_COUNT 31
+#define OP_STR_FOUND 32
+#define OP_STR_FOUND_AT 33
+#define OP_STR_FOUND_IN 34
+#define OP_STR_OFFSET 35
+#define OP_OF 36
+#define OP_PUSH_RULE 37
+#define OP_MATCH_RULE 38
+#define OP_INCR_M 39
+#define OP_CLEAR_M 40
+#define OP_ADD_M 41
+#define OP_POP_M 42
+#define OP_PUSH_M 43
+#define OP_SWAPUNDEF 44
+#define OP_JNUNDEF 45
+#define OP_JLE 46
+#define OP_FILESIZE 47
+#define OP_ENTRYPOINT 48
+#define OP_INT8 49
+#define OP_INT16 50
+#define OP_INT32 51
+#define OP_UINT8 52
+#define OP_UINT16 53
+#define OP_UINT32 54
+#define OP_CONTAINS 55
+#define OP_MATCHES 56
+#define OP_IMPORT 57
+#define OP_LOOKUP_DICT 58
#define OPERATION(operator, op1, op2) \
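Review bot: Every opcode from `OP_NOT` onward is renumbered here, yet the diffstat shows no change to any compiled-rules format version, so rule files compiled by the previous build would be decoded with shifted opcodes. For example, the old value 3 was `OP_XOR` and the new value 3 is `OP_NOT`, so an older rules file could match incorrectly or misuse the evaluation stack rather than fail to load. If the loader validates a file-format version, it should be bumped in this same commit. The bump is needed even if the new `OP_BITWISE_*` values were appended at the end, because old bytecode used `OP_AND`/`OP_OR` for `&` and `|`. A comment above the list such as `/* Opcode values are serialized into compiled rules; bump the file version whenever they change. */` would make the constraint visible to the next editor.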
diff --git a/yara-python/tests.py b/yara-python/tests.py
index 103f614..cb89074 100644
--- a/yara-python/tests.py
+++ b/yara-python/tests.py
@@ -274,7 +274,8 @@ class TestYara(unittest.TestCase):
self.assertTrueRules([
'rule test { condition: true }',
'rule test { condition: true or false }',
- 'rule test { condition: true and true }'
+ 'rule test { condition: true and true }',
+ 'rule test { condition: 0x1 and 0x2}',
])
self.assertFalseRules([
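Review bot: The added case `0x1 and 0x2` covers only the logical `and` fix, leaving the new `OP_BITWISE_AND`, `OP_BITWISE_OR` and `OP_BITWISE_NOT` opcodes and their renumbering without a regression test. Adding true-rules such as `'rule test { condition: (0x1 & 0x3) == 1 }'` and `'rule test { condition: (0x1 | 0x2) == 3 }'` would catch a grammar rule that emits the wrong opcode. A false-rule such as `'rule test { condition: (0x1 & 0x2) == 1 }'` would cover the opposite direction. The `assertFalseRules` list continues outside this hunk, so I cannot tell whether such a case already exists there.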
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git