[Forensics-changes] [yara] 293/407: Remove fabs() and abs().

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:28:38 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.3.0
in repository yara.

commit e98e08d75c633d7ba407256281f0045430c52335
Author: Wesley Shields <wxs at atarininja.org>
Date:   Wed Dec 31 23:14:21 2014 -0500

    Remove fabs() and abs().
    
    We can internalize them as they were only ever being used in rules
    to calculate the absolute distance from the expected value.
    
    This means that arithmetic_mean() now returns the absolute distance from
    the expected value for you.
---
 libyara/modules/math.c | 31 +++++--------------------------
 1 file changed, 5 insertions(+), 26 deletions(-)

diff --git a/libyara/modules/math.c b/libyara/modules/math.c
index 804baff..b7fb951 100644
--- a/libyara/modules/math.c
+++ b/libyara/modules/math.c
@@ -154,7 +154,9 @@ define_function(string_arithmetic_mean)
   for (i = 0; i < s->length; i++)
     sum += (double) s->c_string[i];
 
-  return_double(sum / (double) s->length);
+
+  sum = sum / (double) s->length;
+  return_double(fabs((sum - 127.5) / 127.5));
 }
 
 
@@ -213,29 +215,8 @@ define_function(data_arithmetic_mean)
   if (!past_first_block)
     return_double(UNDEFINED);
 
-  return_double(sum / (double) total_len);
-}
-
-
-define_function(absolute_integer)
-{
-  int64_t x = integer_argument(1);
-
-  if (IS_UNDEFINED(x))
-    return_integer(UNDEFINED);
-
-  return_integer(abs(x));
-}
-
-
-define_function(absolute_double)
-{
-  double x = double_argument(1);
-
-  if (IS_UNDEFINED(x))
-    return_double(UNDEFINED);
-
-  return_double(fabs(x));
+  sum = sum / (double) total_len;
+  return_double(fabs((sum - 127.5) / 127.5));
 }
 
 
@@ -479,8 +460,6 @@ begin_declarations;
   declare_function("monte_carlo_pi", "s", "d", string_monte_carlo_pi);
   declare_function("entropy", "ii", "d", data_entropy);
   declare_function("entropy", "s", "d", string_entropy);
-  declare_function("abs", "i", "i", absolute_integer);
-  declare_function("fabs", "d", "d", absolute_double);
 
 end_declarations;
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list