[Forensics-changes] [yara] 282/407: Small improvements in exec.c

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:37 UTC 2017


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit fd20014b2ce4ffa4288593aa01c379aaf980067d
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Wed Dec 31 10:51:52 2014 +0100

    Small improvements in exec.c
---
 libyara/exec.c | 337 +++++++++++++++++++++++++--------------------------------
 1 file changed, 148 insertions(+), 189 deletions(-)

diff --git a/libyara/exec.c b/libyara/exec.c
index 75fdf4f..80b5ee3 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -94,6 +94,14 @@ limitations under the License.
     } while(0)
 
 
+#define break_if_undefined(x) \
+    if (IS_UNDEFINED(x)) \
+    { \
+      push(UNDEFINED); \
+      break; \
+    }
+
+
 #define little_endian_uint8_t(x)     (x)
 #define little_endian_uint16_t(x)    (x)
 #define little_endian_uint32_t(x)    (x)
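Review bot: `break_if_undefined` expands to a bare `if { ... }` containing `break`, so it is only correct when invoked directly at case level of the interpreter's `switch`. Inside a nested `for`/`while` within a case, the `break` would leave that loop instead, and execution would continue with an UNDEFINED operand after an extra `push(UNDEFINED)`. Unlike the macro that ends just above it, it cannot be wrapped in `do { } while(0)`, which leaves the usual dangling-`else` hazard if it is ever used as the body of an unbraced `if`. A comment above the definition would record this, e.g. `// Use only at case level of the switch: the break must reach the switch, which is why this is not wrapped in do/while(0).`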
@@ -248,17 +256,17 @@ int yr_execute_code(
         r1 = *(uint64_t*)(ip + 1);
         ip += sizeof(uint64_t);
         pop(r2);
-        if (r2 != UNDEFINED)
-          push(r2);
-        else
+        if (IS_UNDEFINED(r2))
           push(mem[r1]);
+        else
+          push(r2);
         break;
 
       case OP_JNUNDEF:
         pop(r1);
         push(r1);
 
-        if (r1 != UNDEFINED)
+        if (!IS_UNDEFINED(r1))
         {
           ip = *(uint8_t**)(ip + 1);
           // ip will be incremented at the end of the loop,
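Review bot: In the case that ends just before `OP_JNUNDEF`, `r1` is read from the instruction stream and then used as `mem[r1]` with no range check visible in this hunk. If compiled rules can be loaded from files the process did not produce itself, that index should be treated as untrusted. A check such as `if (r1 >= MEM_SIZE) return ERROR_INTERNAL_FATAL_ERROR;` before the access would bound it, where `MEM_SIZE` is a placeholder for whatever constant sizes `mem`, which is declared outside this diff. The case starts above the hunk, so an existing check there cannot be ruled out.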
@@ -318,128 +326,6 @@ int yr_execute_code(
           push(!r1);
         break;
 
-      case OP_INT_LT:
-        pop(r2);
-        pop(r1);
-        push(COMPARISON(<, r1, r2));
-        break;
-
-      case OP_INT_GT:
-        pop(r2);
-        pop(r1);
-        push(COMPARISON(>, r1, r2));
-        break;
-
-      case OP_INT_LE:
-        pop(r2);
-        pop(r1);
-        push(COMPARISON(<=, r1, r2));
-        break;
-
-      case OP_INT_GE:
-        pop(r2);
-        pop(r1);
-        push(COMPARISON(>=, r1, r2));
-        break;
-
-      case OP_INT_EQ:
-        pop(r2);
-        pop(r1);
-        push(COMPARISON(==, r1, r2));
-        break;
-
-      case OP_INT_NEQ:
-        pop(r2);
-        pop(r1);
-        push(COMPARISON(!=, r1, r2));
-        break;
-
-      case OP_STR_EQ:
-        pop(r2);
-        pop(r1);
-
-        if (IS_UNDEFINED(r1) || IS_UNDEFINED(r2))
-        {
-          push(UNDEFINED);
-        }
-        else
-        {
-          sized_str_1 = UINT64_TO_PTR(SIZED_STRING*, r1);
-          sized_str_2 = UINT64_TO_PTR(SIZED_STRING*, r2);
-
-          if (sized_str_1->length == sized_str_2->length)
-          {
-            push(memcmp(sized_str_1->c_string,
-                        sized_str_2->c_string,
-                        sized_str_2->length) == 0);
-          }
-          else
-          {
-            push(FALSE);
-          }
-        }
-        break;
-
-      case OP_STR_NEQ:
-        pop(r2);
-        pop(r1);
-
-        if (IS_UNDEFINED(r1) || IS_UNDEFINED(r2))
-        {
-          push(UNDEFINED);
-        }
-        else
-        {
-          sized_str_1 = UINT64_TO_PTR(SIZED_STRING*, r1);
-          sized_str_2 = UINT64_TO_PTR(SIZED_STRING*, r2);
-
-          if (sized_str_1->length == sized_str_2->length)
-          {
-            push(memcmp(sized_str_1->c_string,
-                        sized_str_2->c_string,
-                        sized_str_2->length) != 0);
-          }
-          else
-          {
-            push(TRUE);
-          }
-        }
-        break;
-
-      case OP_STR_TO_BOOL:
-        pop(r1);
-
-        if (IS_UNDEFINED(r1))
-          push(UNDEFINED);
-        else
-          push(UINT64_TO_PTR(SIZED_STRING*, r1)->length > 0);
-
-        break;
-
-      case OP_INT_ADD:
-        pop(r2);
-        pop(r1);
-        push(OPERATION(+, r1, r2));
-        break;
-
-      case OP_INT_SUB:
-        pop(r2);
-        pop(r1);
-        push(OPERATION(-, r1, r2));
-        break;
-
-      case OP_INT_MUL:
-        pop(r2);
-        pop(r1);
-        push(OPERATION(*, r1, r2));
-        break;
-
-      case OP_INT_DIV:
-        pop(r2);
-        pop(r1);
-        push(OPERATION(/, r1, r2));
-        break;
-
       case OP_MOD:
         pop(r2);
         pop(r1);
@@ -515,31 +401,23 @@ int yr_execute_code(
         break;
 
       case OP_OBJ_FIELD:
-        pop(r1);
-
         identifier = *(char**)(ip + 1);
         ip += sizeof(uint64_t);
 
-        if (IS_UNDEFINED(r1))
-        {
-          push(UNDEFINED);
-          break;
-        }
+        pop(r1);
+        break_if_undefined(r1);
 
         object = UINT64_TO_PTR(YR_OBJECT*, r1);
         object = yr_object_lookup_field(object, identifier);
+
         assert(object != NULL);
         push(PTR_TO_UINT64(object));
+
         break;
 
       case OP_OBJ_VALUE:
         pop(r1);
-
-        if (IS_UNDEFINED(r1))
-        {
-          push(UNDEFINED);
-          break;
-        }
+        break_if_undefined(r1);
 
         object = UINT64_TO_PTR(YR_OBJECT*, r1);
 
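Review bot: `assert(object != NULL)` after `yr_object_lookup_field()` is the only guard before the pointer is pushed, and in a build with `NDEBUG` it compiles away, so a failed lookup would push a null pointer value that later cases cast back with `UINT64_TO_PTR` and use. The same assert-as-guard pattern appears in the next two hunks (`assert(object->type == OBJECT_TYPE_ARRAY)` and `assert(object->type == OBJECT_TYPE_DICTIONARY)`) and in the `default:` case at the end of the diff (`assert(FALSE)`). If the bytecode or the object tree can be influenced by untrusted input, these should be runtime checks, for example `if (object == NULL) { push(UNDEFINED); break; }` here, or an error return if that fits the interpreter's conventions better.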
@@ -570,11 +448,7 @@ int yr_execute_code(
         pop(r1);  // index
         pop(r2);  // array
 
-        if (IS_UNDEFINED(r1))
-        {
-          push(UNDEFINED);
-          break;
-        }
+        break_if_undefined(r1);
 
         object = UINT64_TO_PTR(YR_OBJECT*, r2);
         assert(object->type == OBJECT_TYPE_ARRAY);
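Review bot: Only the index `r1` goes through `break_if_undefined`; the array operand `r2` is cast with `UINT64_TO_PTR` and dereferenced in `object->type` without the same check. If an earlier instruction can leave UNDEFINED in that stack position (`OP_OBJ_FIELD`, for instance, pushes UNDEFINED when its own operand is undefined), the cast yields a pointer built from the sentinel value. Adding `break_if_undefined(r2);` right after the existing call would cover it. The dictionary-lookup hunk that follows has the same shape, with `r2` as the dictionary.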
@@ -591,11 +465,7 @@ int yr_execute_code(
         pop(r1);  // key
         pop(r2);  // dictionary
 
-        if (IS_UNDEFINED(r1))
-        {
-          push(UNDEFINED);
-          break;
-        }
+        break_if_undefined(r1);
 
         object = UINT64_TO_PTR(YR_OBJECT*, r2);
         assert(object->type == OBJECT_TYPE_DICTIONARY);
@@ -625,12 +495,7 @@ int yr_execute_code(
         }
 
         pop(r2);
-
-        if (IS_UNDEFINED(r2))
-        {
-          push(UNDEFINED);
-          break;
-        }
+        break_if_undefined(r2);
 
         function = UINT64_TO_PTR(YR_OBJECT_FUNCTION*, r2);
         result = ERROR_INTERNAL_FATAL_ERROR;
@@ -705,11 +570,8 @@ int yr_execute_code(
         pop(r2);
         pop(r1);
 
-        if (IS_UNDEFINED(r1) || IS_UNDEFINED(r2))
-        {
-          push(UNDEFINED);
-          break;
-        }
+        break_if_undefined(r1);
+        break_if_undefined(r2);
 
         string = UINT64_TO_PTR(YR_STRING*, r3);
         match = string->matches[tidx].head;
@@ -744,12 +606,7 @@ int yr_execute_code(
       case OP_OFFSET:
         pop(r2);
         pop(r1);
-
-        if (IS_UNDEFINED(r1))
-        {
-          push(UNDEFINED);
-          break;
-        }
+        break_if_undefined(r1);
 
         string = UINT64_TO_PTR(YR_STRING*, r2);
         match = string->matches[tidx].head;
@@ -778,7 +635,7 @@ int yr_execute_code(
         count = 0;
         pop(r1);
 
-        while (r1 != UNDEFINED)
+        while (!IS_UNDEFINED(r1))
         {
           string = UINT64_TO_PTR(YR_STRING*, r1);
           if (string->matches[tidx].tail != NULL)
@@ -789,10 +646,10 @@ int yr_execute_code(
 
         pop(r2);
 
-        if (r2 != UNDEFINED)
-          push(found >= r2 ? 1 : 0);
-        else
+        if (IS_UNDEFINED(r2))
           push(found >= count ? 1 : 0);
+        else
+          push(found >= r2 ? 1 : 0);
 
         break;
 
@@ -868,18 +725,14 @@ int yr_execute_code(
         pop(r2);
         pop(r1);
 
-        if (IS_UNDEFINED(r1) || IS_UNDEFINED(r2))
-        {
-          push(UNDEFINED);
-        }
-        else
-        {
-          sized_str_1 = UINT64_TO_PTR(SIZED_STRING*, r1);
-          sized_str_2 = UINT64_TO_PTR(SIZED_STRING*, r2);
+        break_if_undefined(r1);
+        break_if_undefined(r2);
 
-          push(memmem(sized_str_1->c_string, sized_str_1->length,
-                      sized_str_2->c_string, sized_str_2->length) != NULL);
-        }
+        sized_str_1 = UINT64_TO_PTR(SIZED_STRING*, r1);
+        sized_str_2 = UINT64_TO_PTR(SIZED_STRING*, r2);
+
+        push(memmem(sized_str_1->c_string, sized_str_1->length,
+                    sized_str_2->c_string, sized_str_2->length) != NULL);
         break;
 
       case OP_IMPORT:
@@ -920,15 +773,74 @@ int yr_execute_code(
         ip += sizeof(uint64_t);
 
         pop_rel(r1, r2);
+        break_if_undefined(r2);
+        push_dbl_rel(r1, r2);
+        break;
 
-        if (IS_UNDEFINED(r2))
-        {
-          push(UNDEFINED);
-        }
-        else
-        {
-          push_dbl_rel(r1, r2);
-        }
+      case OP_STR_TO_BOOL:
+        pop(r1);
+        break_if_undefined(r1);
+        push(UINT64_TO_PTR(SIZED_STRING*, r1)->length > 0);
+        break;
+
+      case OP_INT_EQ:
+        pop(r2);
+        pop(r1);
+        push(COMPARISON(==, r1, r2));
+        break;
+
+      case OP_INT_NEQ:
+        pop(r2);
+        pop(r1);
+        push(COMPARISON(!=, r1, r2));
+        break;
+
+      case OP_INT_LT:
+        pop(r2);
+        pop(r1);
+        push(COMPARISON(<, r1, r2));
+        break;
+
+      case OP_INT_GT:
+        pop(r2);
+        pop(r1);
+        push(COMPARISON(>, r1, r2));
+        break;
+
+      case OP_INT_LE:
+        pop(r2);
+        pop(r1);
+        push(COMPARISON(<=, r1, r2));
+        break;
+
+      case OP_INT_GE:
+        pop(r2);
+        pop(r1);
+        push(COMPARISON(>=, r1, r2));
+        break;
+
+      case OP_INT_ADD:
+        pop(r2);
+        pop(r1);
+        push(OPERATION(+, r1, r2));
+        break;
+
+      case OP_INT_SUB:
+        pop(r2);
+        pop(r1);
+        push(OPERATION(-, r1, r2));
+        break;
+
+      case OP_INT_MUL:
+        pop(r2);
+        pop(r1);
+        push(OPERATION(*, r1, r2));
+        break;
+
+      case OP_INT_DIV:
+        pop(r2);
+        pop(r1);
+        push(OPERATION(/, r1, r2));
         break;
 
       // Double comparisons do not use push_dbl because the result is just
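Review bot: `OP_INT_DIV` pushes `OPERATION(/, r1, r2)` with no visible test for `r2 == 0`, and a zero divisor is undefined behaviour in C, typically a fatal signal in the scanning process. `OPERATION` is defined outside this diff, so it may already cover this. If it only propagates UNDEFINED, a guard such as `if (r2 == 0) { push(UNDEFINED); break; }` before the push would keep a rule expression from crashing the scanner. If the operands are signed (their declarations are not shown), the minimum value divided by -1 needs the same treatment.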
@@ -971,6 +883,7 @@ int yr_execute_code(
         break;
 
       // Double operations do use push_dbl because the result is a double.
+
       case OP_DBL_ADD:
         pop_dbl(dr2);
         pop_dbl(dr1);
@@ -995,6 +908,52 @@ int yr_execute_code(
         push_dbl(OPERATION(/, dr1, dr2));
         break;
 
+      case OP_STR_EQ:
+        pop(r2);
+        pop(r1);
+
+        break_if_undefined(r1);
+        break_if_undefined(r2);
+
+        sized_str_1 = UINT64_TO_PTR(SIZED_STRING*, r1);
+        sized_str_2 = UINT64_TO_PTR(SIZED_STRING*, r2);
+
+        if (sized_str_1->length == sized_str_2->length)
+        {
+          push(memcmp(sized_str_1->c_string,
+                      sized_str_2->c_string,
+                      sized_str_2->length) == 0);
+        }
+        else
+        {
+          push(FALSE);
+        }
+
+        break;
+
+      case OP_STR_NEQ:
+        pop(r2);
+        pop(r1);
+
+        break_if_undefined(r1);
+        break_if_undefined(r2);
+
+        sized_str_1 = UINT64_TO_PTR(SIZED_STRING*, r1);
+        sized_str_2 = UINT64_TO_PTR(SIZED_STRING*, r2);
+
+        if (sized_str_1->length == sized_str_2->length)
+        {
+          push(memcmp(sized_str_1->c_string,
+                      sized_str_2->c_string,
+                      sized_str_2->length) != 0);
+        }
+        else
+        {
+          push(TRUE);
+        }
+
+        break;
+
       default:
         // Unknown instruction, this shouldn't happen.
         assert(FALSE);
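Review bot: `OP_STR_EQ` and `OP_STR_NEQ` are line-for-line identical apart from `== 0`/`FALSE` versus `!= 0`/`TRUE`, so any later fix to the length or `memcmp` handling has to be made in both places. A small `static` helper that takes the two `SIZED_STRING*` values and returns whether length and bytes match would reduce the cases to `push(sized_string_equals(sized_str_1, sized_str_2));` and `push(!sized_string_equals(sized_str_1, sized_str_2));`. The helper name is a suggestion, not an existing function.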

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


