[Forensics-changes] [yara] 23/160: Implement short-circuit evaluation
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:14 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit 165c353b59fef5603f62f5992c02a143d7780a23
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Fri Feb 20 15:37:13 2015 +0100
Implement short-circuit evaluation
---
libyara/compiler.c | 10 +
libyara/exec.c | 64 ++--
libyara/grammar.c | 644 ++++++++++++++++++++++------------------
libyara/grammar.y | 85 +++++-
libyara/include/yara/compiler.h | 14 +-
libyara/include/yara/exec.h | 2 +
libyara/include/yara/parser.h | 20 +-
libyara/parser.c | 24 +-
8 files changed, 524 insertions(+), 339 deletions(-)
diff --git a/libyara/compiler.c b/libyara/compiler.c
index 1af2996..6e468d5 100644
--- a/libyara/compiler.c
+++ b/libyara/compiler.c
@@ -48,6 +48,7 @@ YR_API int yr_compiler_create(
new_compiler->last_result = ERROR_SUCCESS;
new_compiler->file_stack_ptr = 0;
new_compiler->file_name_stack_ptr = 0;
+ new_compiler->fixup_stack_head = NULL;
new_compiler->current_rule_flags = 0;
new_compiler->allow_includes = 1;
new_compiler->loop_depth = 0;
@@ -131,6 +132,15 @@ YR_API void yr_compiler_destroy(
for (int i = 0; i < compiler->file_name_stack_ptr; i++)
yr_free(compiler->file_name_stack[i]);
+ YR_FIXUP* fixup = compiler->fixup_stack_head;
+
+ while (fixup != NULL)
+ {
+ YR_FIXUP* next_fixup = fixup->next;
+ yr_free(fixup);
+ fixup = next_fixup;
+ }
+
yr_free(compiler);
}
diff --git a/libyara/exec.c b/libyara/exec.c
index 6a04045..bac0084 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -122,6 +122,30 @@ function_read(int16_t, big_endian)
function_read(int32_t, big_endian)
+static uint8_t* jmp_if(
+ int condition,
+ uint8_t* ip)
+{
+ uint8_t* result;
+
+ if (condition)
+ {
+ result = *(uint8_t**)(ip + 1);
+
+ // ip will be incremented at the end of the execution loop,
+ // decrement it here to compensate.
+
+ result--;
+ }
+ else
+ {
+ result = ip + sizeof(uint64_t);
+ }
+
+ return result;
+}
+
+
int yr_execute_code(
YR_RULES* rules,
YR_SCAN_CONTEXT* context,
@@ -214,6 +238,7 @@ int yr_execute_code(
r1.i = *(uint64_t*)(ip + 1);
ip += sizeof(uint64_t);
pop(r2);
+
if (is_undef(r2))
{
r1.i = mem[r1.i];
@@ -228,17 +253,8 @@ int yr_execute_code(
case OP_JNUNDEF:
pop(r1);
push(r1);
- if (!is_undef(r1))
- {
- ip = *(uint8_t**)(ip + 1);
- // ip will be incremented at the end of the loop,
- // decrement it here to compensate.
- ip--;
- }
- else
- {
- ip += sizeof(uint64_t);
- }
+
+ ip = jmp_if(!is_undef(r1), ip);
break;
case OP_JLE:
@@ -247,17 +263,21 @@ int yr_execute_code(
push(r1);
push(r2);
- if (r1.i <= r2.i)
- {
- ip = *(uint8_t**)(ip + 1);
- // ip will be incremented at the end of the loop,
- // decrement it here to compensate.
- ip--;
- }
- else
- {
- ip += sizeof(uint64_t);
- }
+ ip = jmp_if(r1.i <= r2.i, ip);
+ break;
+
+ case OP_JTRUE:
+ pop(r1);
+ push(r1);
+
+ ip = jmp_if(!is_undef(r1) && r1.i, ip);
+ break;
+
+ case OP_JFALSE:
+ pop(r1);
+ push(r1);
+
+ ip = jmp_if(is_undef(r1) || !r1.i, ip);
break;
case OP_AND:
diff --git a/libyara/grammar.c b/libyara/grammar.c
index 384e384..be06857 100644
--- a/libyara/grammar.c
+++ b/libyara/grammar.c
@@ -499,16 +499,16 @@ union yyalloc
/* YYFINAL -- State number of the termination state. */
#define YYFINAL 2
/* YYLAST -- Last index in YYTABLE. */
-#define YYLAST 383
+#define YYLAST 378
/* YYNTOKENS -- Number of terminals. */
#define YYNTOKENS 70
/* YYNNTS -- Number of nonterminals. */
-#define YYNNTS 35
+#define YYNNTS 37
/* YYNRULES -- Number of rules. */
-#define YYNRULES 112
+#define YYNRULES 114
/* YYNRULES -- Number of states. */
-#define YYNSTATES 198
+#define YYNSTATES 200
/* YYTRANSLATE(YYLEX) -- Bison symbol number corresponding to YYLEX. */
#define YYUNDEFTOK 2
@@ -564,12 +564,12 @@ static const yytype_uint16 yyprhs[] =
89, 92, 97, 98, 104, 108, 109, 112, 114, 116,
118, 120, 122, 126, 131, 136, 137, 139, 143, 145,
147, 149, 151, 155, 159, 161, 165, 169, 170, 171,
- 183, 184, 194, 198, 201, 205, 209, 213, 217, 221,
- 225, 229, 233, 235, 239, 243, 245, 252, 254, 258,
- 259, 264, 266, 268, 272, 274, 276, 278, 280, 282,
- 286, 288, 290, 295, 297, 299, 301, 303, 308, 310,
- 312, 315, 319, 323, 327, 331, 335, 339, 343, 347,
- 350, 354, 358
+ 183, 184, 194, 198, 201, 202, 207, 208, 213, 217,
+ 221, 225, 229, 233, 237, 239, 243, 247, 249, 256,
+ 258, 262, 263, 268, 270, 272, 276, 278, 280, 282,
+ 284, 286, 290, 292, 294, 299, 301, 303, 305, 307,
+ 312, 314, 316, 319, 323, 327, 331, 335, 339, 343,
+ 347, 351, 354, 358, 362
};
/* YYRHS -- A `-1'-separated list of the rules' RHS. */
@@ -587,30 +587,31 @@ static const yytype_int8 yyrhs[] =
84, -1, 10, 63, 17, 86, -1, -1, 10, 63,
85, 19, 86, -1, 10, 63, 18, -1, -1, 86,
87, -1, 21, -1, 20, -1, 22, -1, 23, -1,
- 9, -1, 88, 64, 9, -1, 88, 65, 104, 66,
+ 9, -1, 88, 64, 9, -1, 88, 65, 106, 66,
-1, 88, 67, 89, 68, -1, -1, 92, -1, 89,
69, 92, -1, 19, -1, 92, -1, 36, -1, 37,
- -1, 104, 33, 90, -1, 104, 34, 104, -1, 10,
- -1, 10, 24, 104, -1, 10, 29, 97, -1, -1,
- -1, 31, 103, 9, 29, 93, 96, 62, 94, 67,
- 91, 68, -1, -1, 31, 103, 30, 99, 62, 95,
- 67, 91, 68, -1, 103, 30, 99, -1, 58, 91,
- -1, 91, 39, 91, -1, 91, 38, 91, -1, 104,
- 48, 104, -1, 104, 46, 104, -1, 104, 47, 104,
- -1, 104, 45, 104, -1, 104, 44, 104, -1, 104,
- 43, 104, -1, 104, -1, 67, 92, 68, -1, 67,
- 98, 68, -1, 97, -1, 67, 104, 64, 64, 104,
- 68, -1, 104, -1, 98, 69, 104, -1, -1, 67,
- 100, 101, 68, -1, 32, -1, 102, -1, 101, 69,
- 102, -1, 10, -1, 13, -1, 104, -1, 27, -1,
- 28, -1, 67, 104, 68, -1, 25, -1, 26, -1,
- 16, 67, 104, 68, -1, 14, -1, 15, -1, 17,
- -1, 11, -1, 12, 65, 104, 66, -1, 12, -1,
- 88, -1, 52, 104, -1, 104, 51, 104, -1, 104,
- 52, 104, -1, 104, 53, 104, -1, 104, 54, 104,
- -1, 104, 55, 104, -1, 104, 41, 104, -1, 104,
- 42, 104, -1, 104, 40, 104, -1, 56, 104, -1,
- 104, 50, 104, -1, 104, 49, 104, -1, 90, -1
+ -1, 106, 33, 90, -1, 106, 34, 106, -1, 10,
+ -1, 10, 24, 106, -1, 10, 29, 99, -1, -1,
+ -1, 31, 105, 9, 29, 93, 98, 62, 94, 67,
+ 91, 68, -1, -1, 31, 105, 30, 101, 62, 95,
+ 67, 91, 68, -1, 105, 30, 101, -1, 58, 91,
+ -1, -1, 91, 39, 96, 91, -1, -1, 91, 38,
+ 97, 91, -1, 106, 48, 106, -1, 106, 46, 106,
+ -1, 106, 47, 106, -1, 106, 45, 106, -1, 106,
+ 44, 106, -1, 106, 43, 106, -1, 106, -1, 67,
+ 92, 68, -1, 67, 100, 68, -1, 99, -1, 67,
+ 106, 64, 64, 106, 68, -1, 106, -1, 100, 69,
+ 106, -1, -1, 67, 102, 103, 68, -1, 32, -1,
+ 104, -1, 103, 69, 104, -1, 10, -1, 13, -1,
+ 106, -1, 27, -1, 28, -1, 67, 106, 68, -1,
+ 25, -1, 26, -1, 16, 67, 106, 68, -1, 14,
+ -1, 15, -1, 17, -1, 11, -1, 12, 65, 106,
+ 66, -1, 12, -1, 88, -1, 52, 106, -1, 106,
+ 51, 106, -1, 106, 52, 106, -1, 106, 53, 106,
+ -1, 106, 54, 106, -1, 106, 55, 106, -1, 106,
+ 41, 106, -1, 106, 42, 106, -1, 106, 40, 106,
+ -1, 56, 106, -1, 106, 50, 106, -1, 106, 49,
+ 106, -1, 90, -1
};
/* YYRLINE[YYN] -- source line where rule number YYN was defined. */
@@ -622,12 +623,12 @@ static const yytype_uint16 yyrline[] =
451, 456, 470, 469, 488, 505, 506, 511, 512, 513,
514, 519, 607, 655, 715, 762, 765, 790, 826, 871,
888, 897, 906, 921, 935, 949, 965, 980, 1015, 979,
- 1129, 1128, 1207, 1213, 1219, 1225, 1233, 1242, 1251, 1260,
- 1269, 1278, 1287, 1291, 1299, 1300, 1305, 1327, 1339, 1355,
- 1354, 1360, 1369, 1370, 1375, 1380, 1389, 1390, 1394, 1402,
- 1406, 1416, 1430, 1446, 1456, 1465, 1488, 1503, 1518, 1540,
- 1584, 1603, 1621, 1639, 1657, 1675, 1685, 1695, 1705, 1715,
- 1725, 1735, 1745
+ 1129, 1128, 1207, 1213, 1220, 1219, 1262, 1261, 1302, 1311,
+ 1320, 1329, 1338, 1347, 1356, 1360, 1368, 1369, 1374, 1396,
+ 1408, 1424, 1423, 1429, 1438, 1439, 1444, 1449, 1458, 1459,
+ 1463, 1471, 1475, 1485, 1499, 1515, 1525, 1534, 1557, 1572,
+ 1587, 1609, 1653, 1672, 1690, 1708, 1726, 1744, 1754, 1764,
+ 1774, 1784, 1794, 1804, 1814
};
#endif
@@ -652,8 +653,8 @@ static const char *const yytname[] =
"rule_modifier", "tags", "tag_list", "meta_declarations",
"meta_declaration", "string_declarations", "string_declaration", "@1",
"string_modifiers", "string_modifier", "identifier", "arguments_list",
- "regexp", "boolean_expression", "expression", "@2", "@3", "@4",
- "integer_set", "range", "integer_enumeration", "string_set", "@5",
+ "regexp", "boolean_expression", "expression", "@2", "@3", "@4", "@5",
+ "@6", "integer_set", "range", "integer_enumeration", "string_set", "@7",
"string_enumeration", "string_enumeration_item", "for_expression",
"primary_expression", 0
};
@@ -683,12 +684,12 @@ static const yytype_uint8 yyr1[] =
83, 84, 85, 84, 84, 86, 86, 87, 87, 87,
87, 88, 88, 88, 88, 89, 89, 89, 90, 91,
92, 92, 92, 92, 92, 92, 92, 93, 94, 92,
- 95, 92, 92, 92, 92, 92, 92, 92, 92, 92,
- 92, 92, 92, 92, 96, 96, 97, 98, 98, 100,
- 99, 99, 101, 101, 102, 102, 103, 103, 103, 104,
- 104, 104, 104, 104, 104, 104, 104, 104, 104, 104,
- 104, 104, 104, 104, 104, 104, 104, 104, 104, 104,
- 104, 104, 104
+ 95, 92, 92, 92, 96, 92, 97, 92, 92, 92,
+ 92, 92, 92, 92, 92, 92, 98, 98, 99, 100,
+ 100, 102, 101, 101, 103, 103, 104, 104, 105, 105,
+ 105, 106, 106, 106, 106, 106, 106, 106, 106, 106,
+ 106, 106, 106, 106, 106, 106, 106, 106, 106, 106,
+ 106, 106, 106, 106, 106
};
/* YYR2[YYN] -- Number of symbols composing right hand side of rule YYN. */
@@ -700,12 +701,12 @@ static const yytype_uint8 yyr2[] =
2, 4, 0, 5, 3, 0, 2, 1, 1, 1,
1, 1, 3, 4, 4, 0, 1, 3, 1, 1,
1, 1, 3, 3, 1, 3, 3, 0, 0, 11,
- 0, 9, 3, 2, 3, 3, 3, 3, 3, 3,
- 3, 3, 1, 3, 3, 1, 6, 1, 3, 0,
- 4, 1, 1, 3, 1, 1, 1, 1, 1, 3,
- 1, 1, 4, 1, 1, 1, 1, 4, 1, 1,
- 2, 3, 3, 3, 3, 3, 3, 3, 3, 2,
- 3, 3, 1
+ 0, 9, 3, 2, 0, 4, 0, 4, 3, 3,
+ 3, 3, 3, 3, 1, 3, 3, 1, 6, 1,
+ 3, 0, 4, 1, 1, 3, 1, 1, 1, 1,
+ 1, 3, 1, 1, 4, 1, 1, 1, 1, 4,
+ 1, 1, 2, 3, 3, 3, 3, 3, 3, 3,
+ 3, 2, 3, 3, 1
};
/* YYDEFACT[STATE-NAME] -- Default rule to reduce with in state
@@ -717,22 +718,22 @@ static const yytype_uint8 yydefact[] =
5, 8, 0, 17, 18, 16, 19, 0, 0, 21,
20, 10, 22, 0, 12, 0, 0, 0, 0, 11,
23, 0, 0, 0, 0, 24, 0, 13, 29, 0,
- 9, 26, 25, 27, 28, 32, 30, 41, 54, 96,
- 98, 93, 94, 0, 95, 48, 90, 91, 87, 88,
- 0, 50, 51, 0, 0, 0, 0, 99, 112, 14,
- 49, 0, 72, 35, 34, 0, 0, 0, 0, 0,
- 0, 0, 86, 100, 109, 63, 0, 49, 72, 0,
- 0, 45, 0, 0, 0, 0, 0, 0, 0, 0,
+ 9, 26, 25, 27, 28, 32, 30, 41, 54, 98,
+ 100, 95, 96, 0, 97, 48, 92, 93, 89, 90,
+ 0, 50, 51, 0, 0, 0, 0, 101, 114, 14,
+ 49, 0, 74, 35, 34, 0, 0, 0, 0, 0,
+ 0, 0, 88, 102, 111, 63, 0, 49, 74, 0,
+ 0, 45, 66, 64, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 31, 35, 55, 0, 56, 0, 0,
- 0, 0, 0, 73, 89, 42, 0, 0, 46, 65,
- 64, 81, 79, 62, 52, 53, 108, 106, 107, 71,
- 70, 69, 67, 68, 66, 111, 110, 101, 102, 103,
- 104, 105, 38, 37, 39, 40, 36, 33, 0, 97,
- 92, 57, 0, 43, 44, 0, 0, 0, 0, 60,
- 47, 84, 85, 0, 82, 0, 0, 0, 75, 0,
- 80, 0, 0, 0, 77, 58, 0, 83, 76, 74,
- 0, 0, 0, 78, 0, 61, 0, 59
+ 0, 0, 0, 75, 91, 42, 0, 0, 46, 0,
+ 0, 83, 81, 62, 52, 53, 110, 108, 109, 73,
+ 72, 71, 69, 70, 68, 113, 112, 103, 104, 105,
+ 106, 107, 38, 37, 39, 40, 36, 33, 0, 99,
+ 94, 57, 0, 43, 44, 0, 67, 65, 0, 0,
+ 0, 60, 47, 86, 87, 0, 84, 0, 0, 0,
+ 77, 0, 82, 0, 0, 0, 79, 58, 0, 85,
+ 78, 76, 0, 0, 0, 80, 0, 61, 0, 59
};
/* YYDEFGOTO[NTERM-NUM]. */
@@ -740,8 +741,8 @@ static const yytype_int16 yydefgoto[] =
{
-1, 1, 5, 6, 24, 27, 33, 7, 15, 18,
20, 29, 30, 37, 38, 75, 113, 156, 67, 127,
- 68, 86, 70, 168, 191, 179, 177, 117, 183, 133,
- 166, 173, 174, 71, 72
+ 68, 86, 70, 170, 193, 181, 130, 129, 179, 117,
+ 185, 133, 168, 175, 176, 71, 72
};
/* YYPACT[STATE-NUM] -- Index in YYTABLE of the portion describing
@@ -749,126 +750,124 @@ static const yytype_int16 yydefgoto[] =
#define YYPACT_NINF -65
static const yytype_int16 yypact[] =
{
- -65, 5, -65, -28, 11, -65, -65, 13, -65, -65,
- -65, -65, 21, -65, -65, -65, -48, 33, 12, -65,
- 68, 76, -65, 45, 80, 101, 58, 116, 63, 101,
- -65, 127, 77, 87, 7, -65, 75, 127, -65, 69,
- -65, -65, -65, -65, -65, 81, -65, -65, -9, -65,
- 85, -65, -65, 93, -65, -65, -65, -65, -65, -65,
- 142, -65, -65, 162, 162, 69, 69, 9, -65, 70,
- -65, 122, 275, -65, -65, 145, 162, 98, 162, 162,
- 162, 4, 91, -65, -65, -65, 70, 104, 190, 157,
- 162, 69, 69, 69, -31, 156, 162, 162, 162, 162,
- 162, 162, 162, 162, 162, 162, 162, 162, 162, 162,
- 162, 162, 162, 25, -65, 91, 162, -65, 230, 62,
- 151, 153, -31, -65, -65, -65, 248, 50, 84, 141,
- -65, -65, -65, -65, -65, 91, 307, 321, 328, 91,
- 91, 91, 91, 91, 91, 38, 38, -3, -3, -65,
- -65, -65, -65, -65, -65, -65, -65, 25, 291, -65,
- -65, -65, 121, -65, -65, 69, 19, 120, 118, -65,
- 84, -65, -65, 60, -65, 162, 162, 124, -65, 123,
- -65, 19, 210, 94, 291, -65, 69, -65, -65, -65,
- 162, 128, -35, 91, 69, -65, -27, -65
+ -65, 79, -65, -29, -3, -65, -65, 100, -65, -65,
+ -65, -65, 13, -65, -65, -65, 6, 98, 53, -65,
+ 112, 118, -65, 67, 127, 126, 81, 138, 91, 126,
+ -65, 134, 94, 97, -1, -65, 96, 134, -65, 50,
+ -65, -65, -65, -65, -65, 11, -65, -65, -21, -65,
+ 95, -65, -65, 99, -65, -65, -65, -65, -65, -65,
+ 111, -65, -65, 136, 136, 50, 50, -55, -65, 17,
+ -65, 135, 269, -65, -65, 145, 136, 101, 136, 136,
+ 136, 2, 301, -65, -65, -65, 17, 102, 164, 160,
+ 136, 50, -65, -65, -9, 155, 136, 136, 136, 136,
+ 136, 136, 136, 136, 136, 136, 136, 136, 136, 136,
+ 136, 136, 136, 89, -65, 301, 136, -65, 224, 131,
+ 184, 146, -9, -65, -65, -65, 242, 20, 61, 50,
+ 50, -65, -65, -65, -65, 301, 316, 43, 323, 301,
+ 301, 301, 301, 301, 301, 19, 19, 87, 87, -65,
+ -65, -65, -65, -65, -65, -65, -65, 89, 285, -65,
+ -65, -65, 114, -65, -65, 50, 140, -65, 5, 113,
+ 120, -65, 61, -65, -65, 47, -65, 136, 136, 128,
+ -65, 122, -65, 5, 204, 63, 285, -65, 50, -65,
+ -65, -65, 136, 124, -14, 301, 50, -65, -5, -65
};
/* YYPGOTO[NTERM-NUM]. */
static const yytype_int16 yypgoto[] =
{
- -65, -65, 186, 193, -65, -65, -65, -65, -65, -65,
- -65, -65, 168, -65, 170, -65, 96, -65, -65, -65,
- 113, -39, -64, -65, -65, -65, -65, 31, -65, 89,
- -65, -65, 32, 152, -41
+ -65, -65, 190, 192, -65, -65, -65, -65, -65, -65,
+ -65, -65, 167, -65, 163, -65, 88, -65, -65, -65,
+ 106, -39, -64, -65, -65, -65, -65, -65, -65, 51,
+ -65, 105, -65, -65, 37, 162, -59
};
/* YYTABLE[YYPACT[STATE-NUM]]. What to do in state STATE-NUM. If
positive, shift that token. If negative, reduce the rule which
number is the opposite. If zero, do what YYDEFACT says.
If YYTABLE_NINF, syntax error. */
-#define YYTABLE_NINF -87
+#define YYTABLE_NINF -89
static const yytype_int16 yytable[] =
{
- 69, 131, 87, 92, 93, 2, 3, 4, -15, -15,
- -15, 92, 93, 121, 17, 76, 12, 13, 14, 82,
- 77, 41, 83, 84, 42, 88, 85, 128, 11, 171,
- 16, 8, 172, 195, 122, 115, 132, 118, 119, 120,
- 4, 197, 19, 43, 44, 152, 153, 154, 155, 126,
- 110, 111, 112, 129, 130, 135, 136, 137, 138, 139,
- 140, 141, 142, 143, 144, 145, 146, 147, 148, 149,
- 150, 151, 21, 89, 90, 158, 91, 22, 47, 48,
- 49, 50, 23, 51, 52, 53, 54, 26, 55, 108,
- 109, 110, 111, 112, 56, 57, 58, 59, 73, 74,
- 60, 170, 97, 98, 99, 61, 62, 25, 92, 93,
- 28, 106, 107, 108, 109, 110, 111, 112, 164, 165,
- 31, 63, -49, -49, 32, 64, 34, 65, 180, 181,
- 160, 97, 98, 99, 182, 184, 66, 36, 45, 39,
- 106, 107, 108, 109, 110, 111, 112, 192, 40, 193,
- 78, 47, 94, 49, 50, 196, 51, 52, 53, 54,
- 79, 55, 189, 190, 114, 116, 125, 56, 57, 58,
- 59, 47, 123, 49, 50, 55, 51, 52, 53, 54,
- 93, 55, 161, 169, 175, 176, 185, 56, 57, 9,
- 186, 97, 98, 99, 63, 194, 10, 35, 64, 178,
- 106, 107, 108, 109, 110, 111, 112, 46, 134, 80,
- 157, 162, 81, 187, 63, 0, 0, 0, 64, 124,
- -86, 0, 0, 95, 96, 0, 0, 0, 0, 80,
- 97, 98, 99, 100, 101, 102, 103, 104, 105, 106,
- 107, 108, 109, 110, 111, 112, 0, 0, 0, 0,
- 97, 98, 99, 0, 0, 0, 0, 0, 124, 106,
- 107, 108, 109, 110, 111, 112, 0, 0, 0, 0,
- 97, 98, 99, 0, 0, 0, 0, 0, 188, 106,
- 107, 108, 109, 110, 111, 112, 0, 0, 97, 98,
- 99, 0, 0, 0, 0, 0, 159, 106, 107, 108,
- 109, 110, 111, 112, 0, -86, 0, 0, 95, 96,
- 0, 0, 0, 0, 163, 97, 98, 99, 100, 101,
- 102, 103, 104, 105, 106, 107, 108, 109, 110, 111,
- 112, 97, 98, 99, 0, 0, 0, 0, 0, 0,
- 106, 107, 108, 109, 110, 111, 112, 0, 98, 99,
- 0, 0, 0, 0, 0, 167, 106, 107, 108, 109,
- 110, 111, 112, 99, 0, 0, 0, 0, 0, 0,
- 106, 107, 108, 109, 110, 111, 112, 106, 107, 108,
- 109, 110, 111, 112
+ 69, 82, 87, 76, 83, 84, 4, 88, 77, 89,
+ 90, 121, 91, 41, 11, 173, 42, 115, 174, 118,
+ 119, 120, 16, 131, 92, 93, 85, 128, 73, 74,
+ 8, 126, 122, 92, 93, 43, 44, 135, 136, 137,
+ 138, 139, 140, 141, 142, 143, 144, 145, 146, 147,
+ 148, 149, 150, 151, 197, 92, 93, 158, 132, 47,
+ 48, 49, 50, 199, 51, 52, 53, 54, 17, 55,
+ 108, 109, 110, 111, 112, 56, 57, 58, 59, 2,
+ 3, 60, -15, -15, -15, 99, 61, 62, 164, 165,
+ 166, 167, 106, 107, 108, 109, 110, 111, 112, -49,
+ -49, 172, 63, 12, 13, 14, 64, 19, 65, 152,
+ 153, 154, 155, 21, 4, 182, 183, 66, 184, 186,
+ 47, 22, 49, 50, 23, 51, 52, 53, 54, 25,
+ 55, 191, 192, 195, 26, 28, 56, 57, 58, 59,
+ 110, 111, 112, 31, 36, 47, 32, 49, 50, 194,
+ 51, 52, 53, 54, 34, 55, 39, 198, 40, 45,
+ 78, 56, 57, 63, 114, 94, 79, 64, 116, 125,
+ 123, 97, 98, 99, 55, 161, 171, 177, 80, 93,
+ 106, 107, 108, 109, 110, 111, 112, 178, 63, 188,
+ 187, 196, 64, 9, -88, 10, 35, 95, 96, 160,
+ 46, 134, 157, 80, 97, 98, 99, 100, 101, 102,
+ 103, 104, 105, 106, 107, 108, 109, 110, 111, 112,
+ 189, 180, 81, 0, 97, 98, 99, 162, 0, 0,
+ 0, 0, 124, 106, 107, 108, 109, 110, 111, 112,
+ 0, 0, 0, 0, 97, 98, 99, 0, 0, 0,
+ 0, 0, 124, 106, 107, 108, 109, 110, 111, 112,
+ 0, 0, 0, 0, 97, 98, 99, 0, 0, 0,
+ 0, 0, 190, 106, 107, 108, 109, 110, 111, 112,
+ 0, 0, 97, 98, 99, 0, 0, 0, 0, 0,
+ 159, 106, 107, 108, 109, 110, 111, 112, 0, -88,
+ 0, 0, 95, 96, 0, 0, 0, 0, 163, 97,
+ 98, 99, 100, 101, 102, 103, 104, 105, 106, 107,
+ 108, 109, 110, 111, 112, 97, 98, 99, 0, 0,
+ 0, 0, 0, 0, 106, 107, 108, 109, 110, 111,
+ 112, 97, 98, 99, 0, 0, 0, 0, 0, 169,
+ 106, 107, 108, 109, 110, 111, 112, 98, 99, 0,
+ 0, 0, 0, 0, 0, 106, 107, 108, 109, 110,
+ 111, 112, 106, 107, 108, 109, 110, 111, 112
};
static const yytype_int16 yycheck[] =
{
- 39, 32, 66, 38, 39, 0, 1, 35, 3, 4,
- 5, 38, 39, 9, 62, 24, 3, 4, 5, 60,
- 29, 14, 63, 64, 17, 66, 65, 91, 17, 10,
- 9, 59, 13, 68, 30, 76, 67, 78, 79, 80,
- 35, 68, 9, 36, 37, 20, 21, 22, 23, 90,
- 53, 54, 55, 92, 93, 96, 97, 98, 99, 100,
- 101, 102, 103, 104, 105, 106, 107, 108, 109, 110,
- 111, 112, 60, 64, 65, 116, 67, 9, 9, 10,
- 11, 12, 6, 14, 15, 16, 17, 7, 19, 51,
- 52, 53, 54, 55, 25, 26, 27, 28, 17, 18,
- 31, 165, 40, 41, 42, 36, 37, 62, 38, 39,
- 9, 49, 50, 51, 52, 53, 54, 55, 68, 69,
- 62, 52, 38, 39, 8, 56, 63, 58, 68, 69,
- 68, 40, 41, 42, 175, 176, 67, 10, 63, 62,
- 49, 50, 51, 52, 53, 54, 55, 186, 61, 190,
- 65, 9, 30, 11, 12, 194, 14, 15, 16, 17,
- 67, 19, 68, 69, 19, 67, 9, 25, 26, 27,
- 28, 9, 68, 11, 12, 19, 14, 15, 16, 17,
- 39, 19, 29, 62, 64, 67, 62, 25, 26, 3,
- 67, 40, 41, 42, 52, 67, 3, 29, 56, 168,
- 49, 50, 51, 52, 53, 54, 55, 37, 95, 67,
- 114, 122, 60, 181, 52, -1, -1, -1, 56, 68,
- 30, -1, -1, 33, 34, -1, -1, -1, -1, 67,
- 40, 41, 42, 43, 44, 45, 46, 47, 48, 49,
- 50, 51, 52, 53, 54, 55, -1, -1, -1, -1,
- 40, 41, 42, -1, -1, -1, -1, -1, 68, 49,
- 50, 51, 52, 53, 54, 55, -1, -1, -1, -1,
- 40, 41, 42, -1, -1, -1, -1, -1, 68, 49,
- 50, 51, 52, 53, 54, 55, -1, -1, 40, 41,
- 42, -1, -1, -1, -1, -1, 66, 49, 50, 51,
- 52, 53, 54, 55, -1, 30, -1, -1, 33, 34,
- -1, -1, -1, -1, 66, 40, 41, 42, 43, 44,
- 45, 46, 47, 48, 49, 50, 51, 52, 53, 54,
- 55, 40, 41, 42, -1, -1, -1, -1, -1, -1,
- 49, 50, 51, 52, 53, 54, 55, -1, 41, 42,
- -1, -1, -1, -1, -1, 64, 49, 50, 51, 52,
- 53, 54, 55, 42, -1, -1, -1, -1, -1, -1,
- 49, 50, 51, 52, 53, 54, 55, 49, 50, 51,
- 52, 53, 54, 55
+ 39, 60, 66, 24, 63, 64, 35, 66, 29, 64,
+ 65, 9, 67, 14, 17, 10, 17, 76, 13, 78,
+ 79, 80, 9, 32, 38, 39, 65, 91, 17, 18,
+ 59, 90, 30, 38, 39, 36, 37, 96, 97, 98,
+ 99, 100, 101, 102, 103, 104, 105, 106, 107, 108,
+ 109, 110, 111, 112, 68, 38, 39, 116, 67, 9,
+ 10, 11, 12, 68, 14, 15, 16, 17, 62, 19,
+ 51, 52, 53, 54, 55, 25, 26, 27, 28, 0,
+ 1, 31, 3, 4, 5, 42, 36, 37, 68, 69,
+ 129, 130, 49, 50, 51, 52, 53, 54, 55, 38,
+ 39, 165, 52, 3, 4, 5, 56, 9, 58, 20,
+ 21, 22, 23, 60, 35, 68, 69, 67, 177, 178,
+ 9, 9, 11, 12, 6, 14, 15, 16, 17, 62,
+ 19, 68, 69, 192, 7, 9, 25, 26, 27, 28,
+ 53, 54, 55, 62, 10, 9, 8, 11, 12, 188,
+ 14, 15, 16, 17, 63, 19, 62, 196, 61, 63,
+ 65, 25, 26, 52, 19, 30, 67, 56, 67, 9,
+ 68, 40, 41, 42, 19, 29, 62, 64, 67, 39,
+ 49, 50, 51, 52, 53, 54, 55, 67, 52, 67,
+ 62, 67, 56, 3, 30, 3, 29, 33, 34, 68,
+ 37, 95, 114, 67, 40, 41, 42, 43, 44, 45,
+ 46, 47, 48, 49, 50, 51, 52, 53, 54, 55,
+ 183, 170, 60, -1, 40, 41, 42, 122, -1, -1,
+ -1, -1, 68, 49, 50, 51, 52, 53, 54, 55,
+ -1, -1, -1, -1, 40, 41, 42, -1, -1, -1,
+ -1, -1, 68, 49, 50, 51, 52, 53, 54, 55,
+ -1, -1, -1, -1, 40, 41, 42, -1, -1, -1,
+ -1, -1, 68, 49, 50, 51, 52, 53, 54, 55,
+ -1, -1, 40, 41, 42, -1, -1, -1, -1, -1,
+ 66, 49, 50, 51, 52, 53, 54, 55, -1, 30,
+ -1, -1, 33, 34, -1, -1, -1, -1, 66, 40,
+ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
+ 51, 52, 53, 54, 55, 40, 41, 42, -1, -1,
+ -1, -1, -1, -1, 49, 50, 51, 52, 53, 54,
+ 55, 40, 41, 42, -1, -1, -1, -1, -1, 64,
+ 49, 50, 51, 52, 53, 54, 55, 41, 42, -1,
+ -1, -1, -1, -1, -1, 49, 50, 51, 52, 53,
+ 54, 55, 49, 50, 51, 52, 53, 54, 55
};
/* YYSTOS[STATE-NUM] -- The (internal number of the) accessing
@@ -882,19 +881,19 @@ static const yytype_uint8 yystos[] =
61, 14, 17, 36, 37, 63, 84, 9, 10, 11,
12, 14, 15, 16, 17, 19, 25, 26, 27, 28,
31, 36, 37, 52, 56, 58, 67, 88, 90, 91,
- 92, 103, 104, 17, 18, 85, 24, 29, 65, 67,
- 67, 103, 104, 104, 104, 91, 91, 92, 104, 64,
+ 92, 105, 106, 17, 18, 85, 24, 29, 65, 67,
+ 67, 105, 106, 106, 106, 91, 91, 92, 106, 64,
65, 67, 38, 39, 30, 33, 34, 40, 41, 42,
43, 44, 45, 46, 47, 48, 49, 50, 51, 52,
- 53, 54, 55, 86, 19, 104, 67, 97, 104, 104,
- 104, 9, 30, 68, 68, 9, 104, 89, 92, 91,
- 91, 32, 67, 99, 90, 104, 104, 104, 104, 104,
- 104, 104, 104, 104, 104, 104, 104, 104, 104, 104,
- 104, 104, 20, 21, 22, 23, 87, 86, 104, 66,
- 68, 29, 99, 66, 68, 69, 100, 64, 93, 62,
- 92, 10, 13, 101, 102, 64, 67, 96, 97, 95,
- 68, 69, 104, 98, 104, 62, 67, 102, 68, 68,
- 69, 94, 91, 104, 67, 68, 91, 68
+ 53, 54, 55, 86, 19, 106, 67, 99, 106, 106,
+ 106, 9, 30, 68, 68, 9, 106, 89, 92, 97,
+ 96, 32, 67, 101, 90, 106, 106, 106, 106, 106,
+ 106, 106, 106, 106, 106, 106, 106, 106, 106, 106,
+ 106, 106, 20, 21, 22, 23, 87, 86, 106, 66,
+ 68, 29, 101, 66, 68, 69, 91, 91, 102, 64,
+ 93, 62, 92, 10, 13, 103, 104, 64, 67, 98,
+ 99, 95, 68, 69, 106, 100, 106, 62, 67, 104,
+ 68, 68, 69, 94, 91, 106, 67, 68, 91, 68
};
#define yyerrok (yyerrstatus = 0)
@@ -1417,42 +1416,42 @@ yydestruct (yymsg, yytype, yyvaluep, yyscanner, compiler)
case 9: /* "_IDENTIFIER_" */
#line 169 "grammar.y"
{ yr_free((yyvaluep->c_string)); };
-#line 1421 "grammar.c"
+#line 1420 "grammar.c"
break;
case 10: /* "_STRING_IDENTIFIER_" */
#line 170 "grammar.y"
{ yr_free((yyvaluep->c_string)); };
-#line 1426 "grammar.c"
+#line 1425 "grammar.c"
break;
case 11: /* "_STRING_COUNT_" */
#line 171 "grammar.y"
{ yr_free((yyvaluep->c_string)); };
-#line 1431 "grammar.c"
+#line 1430 "grammar.c"
break;
case 12: /* "_STRING_OFFSET_" */
#line 172 "grammar.y"
{ yr_free((yyvaluep->c_string)); };
-#line 1436 "grammar.c"
+#line 1435 "grammar.c"
break;
case 13: /* "_STRING_IDENTIFIER_WITH_WILDCARD_" */
#line 173 "grammar.y"
{ yr_free((yyvaluep->c_string)); };
-#line 1441 "grammar.c"
+#line 1440 "grammar.c"
break;
case 17: /* "_TEXT_STRING_" */
#line 174 "grammar.y"
{ yr_free((yyvaluep->sized_string)); };
-#line 1446 "grammar.c"
+#line 1445 "grammar.c"
break;
case 18: /* "_HEX_STRING_" */
#line 175 "grammar.y"
{ yr_free((yyvaluep->sized_string)); };
-#line 1451 "grammar.c"
+#line 1450 "grammar.c"
break;
case 19: /* "_REGEXP_" */
#line 176 "grammar.y"
{ yr_free((yyvaluep->sized_string)); };
-#line 1456 "grammar.c"
+#line 1455 "grammar.c"
break;
default:
@@ -2660,7 +2659,7 @@ yyreduce:
#line 1015 "grammar.y"
{
int mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth;
- int8_t* addr;
+ uint8_t* addr;
// Clear counter for number of expressions evaluating
// to TRUE.
@@ -2780,7 +2779,7 @@ yyreduce:
#line 1129 "grammar.y"
{
int mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth;
- int8_t* addr;
+ uint8_t* addr;
if (compiler->loop_depth == MAX_LOOP_NESTING)
compiler->last_result = \
@@ -2882,25 +2881,100 @@ yyreduce:
case 64:
#line 1220 "grammar.y"
{
- yr_parser_emit(yyscanner, OP_AND, NULL);
+ uint8_t* jmp_addr;
- (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN;
+ compiler->last_result = yr_parser_emit_with_arg_reloc(
+ yyscanner,
+ OP_JFALSE,
+ 0, // still don't know the jump destination
+ &jmp_addr);
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ // create a fixup entry for the jump and push it in the stack
+ YR_FIXUP* fixup = yr_malloc(sizeof(YR_FIXUP));
+
+ if (fixup == NULL)
+ compiler->last_error = ERROR_INSUFICIENT_MEMORY;
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ fixup->address = (uint64_t*) (jmp_addr + 1);
+ fixup->next = compiler->fixup_stack_head;
+ compiler->fixup_stack_head = fixup;
}
break;
case 65:
-#line 1226 "grammar.y"
+#line 1244 "grammar.y"
{
- CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_BOOLEAN, "or");
+ uint8_t* and_addr;
+
+ compiler->last_result = yr_parser_emit(yyscanner, OP_AND, &and_addr);
- yr_parser_emit(yyscanner, OP_OR, NULL);
+ // Now we know the jump destination, which is the address of the
+ // instruction following the OP_AND. Let's fixup the jump address.
+
+ YR_FIXUP* fixup = compiler->fixup_stack_head;
+ *(fixup->address) = PTR_TO_UINT64(and_addr + 1);
+ compiler->fixup_stack_head = fixup->next;
+ yr_free(fixup);
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
(yyval.expression).type = EXPRESSION_TYPE_BOOLEAN;
}
break;
case 66:
-#line 1234 "grammar.y"
+#line 1262 "grammar.y"
+ {
+ uint8_t* jmp_addr;
+
+ compiler->last_result = yr_parser_emit_with_arg_reloc(
+ yyscanner,
+ OP_JTRUE,
+ 0, // still don't know the jump destination
+ &jmp_addr);
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ YR_FIXUP* fixup = yr_malloc(sizeof(YR_FIXUP));
+
+ if (fixup == NULL)
+ compiler->last_error = ERROR_INSUFICIENT_MEMORY;
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ fixup->address = (uint64_t*) (jmp_addr + 1);
+ fixup->next = compiler->fixup_stack_head;
+ compiler->fixup_stack_head = fixup;
+ }
+ break;
+
+ case 67:
+#line 1285 "grammar.y"
+ {
+ uint8_t* or_addr;
+
+ compiler->last_result = yr_parser_emit(yyscanner, OP_OR, &or_addr);
+
+ // Now we know the jump destination, which is the address of the
+ // instruction following the OP_OR. Let's fixup the jump address.
+
+ YR_FIXUP* fixup = compiler->fixup_stack_head;
+ *(fixup->address) = PTR_TO_UINT64(or_addr + 1);
+ compiler->fixup_stack_head = fixup->next;
+ yr_free(fixup);
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ (yyval.expression).type = EXPRESSION_TYPE_BOOLEAN;
+ }
+ break;
+
+ case 68:
+#line 1303 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, "<", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -2911,8 +2985,8 @@ yyreduce:
}
break;
- case 67:
-#line 1243 "grammar.y"
+ case 69:
+#line 1312 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, ">", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -2923,8 +2997,8 @@ yyreduce:
}
break;
- case 68:
-#line 1252 "grammar.y"
+ case 70:
+#line 1321 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, "<=", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -2935,8 +3009,8 @@ yyreduce:
}
break;
- case 69:
-#line 1261 "grammar.y"
+ case 71:
+#line 1330 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, ">=", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -2947,8 +3021,8 @@ yyreduce:
}
break;
- case 70:
-#line 1270 "grammar.y"
+ case 72:
+#line 1339 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, "==", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -2959,8 +3033,8 @@ yyreduce:
}
break;
- case 71:
-#line 1279 "grammar.y"
+ case 73:
+#line 1348 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, "!=", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -2971,32 +3045,32 @@ yyreduce:
}
break;
- case 72:
-#line 1288 "grammar.y"
+ case 74:
+#line 1357 "grammar.y"
{
(yyval.expression) = (yyvsp[(1) - (1)].expression);
}
break;
- case 73:
-#line 1292 "grammar.y"
+ case 75:
+#line 1361 "grammar.y"
{
(yyval.expression) = (yyvsp[(2) - (3)].expression);
}
break;
- case 74:
-#line 1299 "grammar.y"
+ case 76:
+#line 1368 "grammar.y"
{ (yyval.integer) = INTEGER_SET_ENUMERATION; }
break;
- case 75:
-#line 1300 "grammar.y"
+ case 77:
+#line 1369 "grammar.y"
{ (yyval.integer) = INTEGER_SET_RANGE; }
break;
- case 76:
-#line 1306 "grammar.y"
+ case 78:
+#line 1375 "grammar.y"
{
if ((yyvsp[(2) - (6)].expression).type != EXPRESSION_TYPE_INTEGER)
{
@@ -3016,8 +3090,8 @@ yyreduce:
}
break;
- case 77:
-#line 1328 "grammar.y"
+ case 79:
+#line 1397 "grammar.y"
{
if ((yyvsp[(1) - (1)].expression).type != EXPRESSION_TYPE_INTEGER)
{
@@ -3031,8 +3105,8 @@ yyreduce:
}
break;
- case 78:
-#line 1340 "grammar.y"
+ case 80:
+#line 1409 "grammar.y"
{
if ((yyvsp[(3) - (3)].expression).type != EXPRESSION_TYPE_INTEGER)
{
@@ -3045,61 +3119,61 @@ yyreduce:
}
break;
- case 79:
-#line 1355 "grammar.y"
+ case 81:
+#line 1424 "grammar.y"
{
// Push end-of-list marker
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL);
}
break;
- case 81:
-#line 1361 "grammar.y"
+ case 83:
+#line 1430 "grammar.y"
{
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL);
yr_parser_emit_pushes_for_strings(yyscanner, "$*");
}
break;
- case 84:
-#line 1376 "grammar.y"
+ case 86:
+#line 1445 "grammar.y"
{
yr_parser_emit_pushes_for_strings(yyscanner, (yyvsp[(1) - (1)].c_string));
yr_free((yyvsp[(1) - (1)].c_string));
}
break;
- case 85:
-#line 1381 "grammar.y"
+ case 87:
+#line 1450 "grammar.y"
{
yr_parser_emit_pushes_for_strings(yyscanner, (yyvsp[(1) - (1)].c_string));
yr_free((yyvsp[(1) - (1)].c_string));
}
break;
- case 87:
-#line 1391 "grammar.y"
+ case 89:
+#line 1460 "grammar.y"
{
yr_parser_emit_with_arg(yyscanner, OP_PUSH, UNDEFINED, NULL);
}
break;
- case 88:
-#line 1395 "grammar.y"
+ case 90:
+#line 1464 "grammar.y"
{
yr_parser_emit_with_arg(yyscanner, OP_PUSH, 1, NULL);
}
break;
- case 89:
-#line 1403 "grammar.y"
+ case 91:
+#line 1472 "grammar.y"
{
(yyval.expression) = (yyvsp[(2) - (3)].expression);
}
break;
- case 90:
-#line 1407 "grammar.y"
+ case 92:
+#line 1476 "grammar.y"
{
compiler->last_result = yr_parser_emit(
yyscanner, OP_FILESIZE, NULL);
@@ -3111,8 +3185,8 @@ yyreduce:
}
break;
- case 91:
-#line 1417 "grammar.y"
+ case 93:
+#line 1486 "grammar.y"
{
yywarning(yyscanner,
"Using deprecated \"entrypoint\" keyword. Use the \"entry_point\" "
@@ -3128,8 +3202,8 @@ yyreduce:
}
break;
- case 92:
-#line 1431 "grammar.y"
+ case 94:
+#line 1500 "grammar.y"
{
CHECK_TYPE((yyvsp[(3) - (4)].expression), EXPRESSION_TYPE_INTEGER, "intXXXX or uintXXXX");
@@ -3147,8 +3221,8 @@ yyreduce:
}
break;
- case 93:
-#line 1447 "grammar.y"
+ case 95:
+#line 1516 "grammar.y"
{
compiler->last_result = yr_parser_emit_with_arg(
yyscanner, OP_PUSH, (yyvsp[(1) - (1)].integer), NULL);
@@ -3160,8 +3234,8 @@ yyreduce:
}
break;
- case 94:
-#line 1457 "grammar.y"
+ case 96:
+#line 1526 "grammar.y"
{
compiler->last_result = yr_parser_emit_with_arg_double(
yyscanner, OP_PUSH, (yyvsp[(1) - (1)].double_), NULL);
@@ -3172,8 +3246,8 @@ yyreduce:
}
break;
- case 95:
-#line 1466 "grammar.y"
+ case 97:
+#line 1535 "grammar.y"
{
SIZED_STRING* sized_string;
@@ -3198,8 +3272,8 @@ yyreduce:
}
break;
- case 96:
-#line 1489 "grammar.y"
+ case 98:
+#line 1558 "grammar.y"
{
compiler->last_result = yr_parser_reduce_string_identifier(
yyscanner,
@@ -3216,8 +3290,8 @@ yyreduce:
}
break;
- case 97:
-#line 1504 "grammar.y"
+ case 99:
+#line 1573 "grammar.y"
{
compiler->last_result = yr_parser_reduce_string_identifier(
yyscanner,
@@ -3234,8 +3308,8 @@ yyreduce:
}
break;
- case 98:
-#line 1519 "grammar.y"
+ case 100:
+#line 1588 "grammar.y"
{
compiler->last_result = yr_parser_emit_with_arg(
yyscanner,
@@ -3259,8 +3333,8 @@ yyreduce:
}
break;
- case 99:
-#line 1541 "grammar.y"
+ case 101:
+#line 1610 "grammar.y"
{
if ((yyvsp[(1) - (1)].expression).type == EXPRESSION_TYPE_INTEGER) // loop identifier
{
@@ -3306,15 +3380,15 @@ yyreduce:
}
break;
- case 100:
-#line 1585 "grammar.y"
+ case 102:
+#line 1654 "grammar.y"
{
CHECK_TYPE((yyvsp[(2) - (2)].expression), EXPRESSION_TYPE_INTEGER | EXPRESSION_TYPE_FLOAT, "-");
if ((yyvsp[(2) - (2)].expression).type == EXPRESSION_TYPE_INTEGER)
{
(yyval.expression).type = EXPRESSION_TYPE_INTEGER;
- (yyval.expression).value.integer = ((yyvsp[(2) - (2)].expression).value.integer == UNDEFINED) ?
+ (yyval.expression).value.integer = ((yyvsp[(2) - (2)].expression).value.integer == UNDEFINED) ?
UNDEFINED : -((yyvsp[(2) - (2)].expression).value.integer);
compiler->last_result = yr_parser_emit(yyscanner, OP_INT_MINUS, NULL);
}
@@ -3328,8 +3402,8 @@ yyreduce:
}
break;
- case 101:
-#line 1604 "grammar.y"
+ case 103:
+#line 1673 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, "+", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -3349,8 +3423,8 @@ yyreduce:
}
break;
- case 102:
-#line 1622 "grammar.y"
+ case 104:
+#line 1691 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, "-", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -3370,8 +3444,8 @@ yyreduce:
}
break;
- case 103:
-#line 1640 "grammar.y"
+ case 105:
+#line 1709 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, "*", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -3391,8 +3465,8 @@ yyreduce:
}
break;
- case 104:
-#line 1658 "grammar.y"
+ case 106:
+#line 1727 "grammar.y"
{
compiler->last_result = yr_parser_reduce_operation(
yyscanner, "\\", (yyvsp[(1) - (3)].expression), (yyvsp[(3) - (3)].expression));
@@ -3412,8 +3486,8 @@ yyreduce:
}
break;
- case 105:
-#line 1676 "grammar.y"
+ case 107:
+#line 1745 "grammar.y"
{
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "%");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "%");
@@ -3425,8 +3499,8 @@ yyreduce:
}
break;
- case 106:
-#line 1686 "grammar.y"
+ case 108:
+#line 1755 "grammar.y"
{
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
@@ -3438,8 +3512,8 @@ yyreduce:
}
break;
- case 107:
-#line 1696 "grammar.y"
+ case 109:
+#line 1765 "grammar.y"
{
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "^");
@@ -3451,8 +3525,8 @@ yyreduce:
}
break;
- case 108:
-#line 1706 "grammar.y"
+ case 110:
+#line 1775 "grammar.y"
{
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "|");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "|");
@@ -3464,8 +3538,8 @@ yyreduce:
}
break;
- case 109:
-#line 1716 "grammar.y"
+ case 111:
+#line 1785 "grammar.y"
{
CHECK_TYPE((yyvsp[(2) - (2)].expression), EXPRESSION_TYPE_INTEGER, "~");
@@ -3477,8 +3551,8 @@ yyreduce:
}
break;
- case 110:
-#line 1726 "grammar.y"
+ case 112:
+#line 1795 "grammar.y"
{
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, "<<");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, "<<");
@@ -3490,8 +3564,8 @@ yyreduce:
}
break;
- case 111:
-#line 1736 "grammar.y"
+ case 113:
+#line 1805 "grammar.y"
{
CHECK_TYPE((yyvsp[(1) - (3)].expression), EXPRESSION_TYPE_INTEGER, ">>");
CHECK_TYPE((yyvsp[(3) - (3)].expression), EXPRESSION_TYPE_INTEGER, ">>");
@@ -3503,8 +3577,8 @@ yyreduce:
}
break;
- case 112:
-#line 1746 "grammar.y"
+ case 114:
+#line 1815 "grammar.y"
{
(yyval.expression) = (yyvsp[(1) - (1)].expression);
}
@@ -3512,7 +3586,7 @@ yyreduce:
/* Line 1267 of yacc.c. */
-#line 3516 "grammar.c"
+#line 3590 "grammar.c"
default: break;
}
YY_SYMBOL_PRINT ("-> $$ =", yyr1[yyn], &yyval, &yyloc);
@@ -3726,6 +3800,6 @@ yyreturn:
}
-#line 1751 "grammar.y"
+#line 1820 "grammar.y"
diff --git a/libyara/grammar.y b/libyara/grammar.y
index 79c9fdb..977d377 100644
--- a/libyara/grammar.y
+++ b/libyara/grammar.y
@@ -1014,7 +1014,7 @@ expression
integer_set ':'
{
int mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth;
- int8_t* addr;
+ uint8_t* addr;
// Clear counter for number of expressions evaluating
// to TRUE.
@@ -1128,7 +1128,7 @@ expression
| _FOR_ for_expression _OF_ string_set ':'
{
int mem_offset = LOOP_LOCAL_VARS * compiler->loop_depth;
- int8_t* addr;
+ uint8_t* addr;
if (compiler->loop_depth == MAX_LOOP_NESTING)
compiler->last_result = \
@@ -1216,17 +1216,86 @@ expression
$$.type = EXPRESSION_TYPE_BOOLEAN;
}
- | boolean_expression _AND_ boolean_expression
+ | boolean_expression _AND_
{
- yr_parser_emit(yyscanner, OP_AND, NULL);
+ uint8_t* jmp_addr;
+
+ compiler->last_result = yr_parser_emit_with_arg_reloc(
+ yyscanner,
+ OP_JFALSE,
+ 0, // still don't know the jump destination
+ &jmp_addr);
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ // create a fixup entry for the jump and push it in the stack
+ YR_FIXUP* fixup = yr_malloc(sizeof(YR_FIXUP));
+
+ if (fixup == NULL)
+ compiler->last_error = ERROR_INSUFICIENT_MEMORY;
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ fixup->address = (uint64_t*) (jmp_addr + 1);
+ fixup->next = compiler->fixup_stack_head;
+ compiler->fixup_stack_head = fixup;
+ }
+ boolean_expression
+ {
+ uint8_t* and_addr;
+
+ compiler->last_result = yr_parser_emit(yyscanner, OP_AND, &and_addr);
+
+ // Now we know the jump destination, which is the address of the
+ // instruction following the OP_AND. Let's fixup the jump address.
+
+ YR_FIXUP* fixup = compiler->fixup_stack_head;
+ *(fixup->address) = PTR_TO_UINT64(and_addr + 1);
+ compiler->fixup_stack_head = fixup->next;
+ yr_free(fixup);
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
$$.type = EXPRESSION_TYPE_BOOLEAN;
}
- | boolean_expression _OR_ boolean_expression
+ | boolean_expression _OR_
{
- CHECK_TYPE($1, EXPRESSION_TYPE_BOOLEAN, "or");
+ uint8_t* jmp_addr;
- yr_parser_emit(yyscanner, OP_OR, NULL);
+ compiler->last_result = yr_parser_emit_with_arg_reloc(
+ yyscanner,
+ OP_JTRUE,
+ 0, // still don't know the jump destination
+ &jmp_addr);
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ YR_FIXUP* fixup = yr_malloc(sizeof(YR_FIXUP));
+
+ if (fixup == NULL)
+ compiler->last_error = ERROR_INSUFICIENT_MEMORY;
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
+
+ fixup->address = (uint64_t*) (jmp_addr + 1);
+ fixup->next = compiler->fixup_stack_head;
+ compiler->fixup_stack_head = fixup;
+ }
+ boolean_expression
+ {
+ uint8_t* or_addr;
+
+ compiler->last_result = yr_parser_emit(yyscanner, OP_OR, &or_addr);
+
+ // Now we know the jump destination, which is the address of the
+ // instruction following the OP_OR. Let's fixup the jump address.
+
+ YR_FIXUP* fixup = compiler->fixup_stack_head;
+ *(fixup->address) = PTR_TO_UINT64(or_addr + 1);
+ compiler->fixup_stack_head = fixup->next;
+ yr_free(fixup);
+
+ ERROR_IF(compiler->last_result != ERROR_SUCCESS);
$$.type = EXPRESSION_TYPE_BOOLEAN;
}
@@ -1588,7 +1657,7 @@ primary_expression
if ($2.type == EXPRESSION_TYPE_INTEGER)
{
$$.type = EXPRESSION_TYPE_INTEGER;
- $$.value.integer = ($2.value.integer == UNDEFINED) ?
+ $$.value.integer = ($2.value.integer == UNDEFINED) ?
UNDEFINED : -($2.value.integer);
compiler->last_result = yr_parser_emit(yyscanner, OP_INT_MINUS, NULL);
}
diff --git a/libyara/include/yara/compiler.h b/libyara/include/yara/compiler.h
index eaa20ff..bff718c 100644
--- a/libyara/include/yara/compiler.h
+++ b/libyara/include/yara/compiler.h
@@ -38,6 +38,14 @@ typedef void (*YR_COMPILER_CALLBACK_FUNC)(
void* user_data);
+typedef struct _YR_FIXUP
+{
+ uint64_t* address;
+ struct _YR_FIXUP* next;
+
+} YR_FIXUP;
+
+
typedef struct _YR_COMPILER
{
int errors;
@@ -65,10 +73,12 @@ typedef struct _YR_COMPILER
YR_NAMESPACE* current_namespace;
YR_STRING* current_rule_strings;
+ YR_FIXUP* fixup_stack_head;
+
int current_rule_flags;
int namespaces_count;
- int8_t* loop_address[MAX_LOOP_NESTING];
+ uint8_t* loop_address[MAX_LOOP_NESTING];
char* loop_identifier[MAX_LOOP_NESTING];
int loop_depth;
int loop_for_of_mem_offset;
@@ -107,7 +117,7 @@ typedef struct _YR_COMPILER
compiler->last_error_extra_info, \
sizeof(compiler->last_error_extra_info), \
fmt, __VA_ARGS__);
-
+
int _yr_compiler_push_file(
YR_COMPILER* compiler,
diff --git a/libyara/include/yara/exec.h b/libyara/include/yara/exec.h
index a673a14..f10551d 100644
--- a/libyara/include/yara/exec.h
+++ b/libyara/include/yara/exec.h
@@ -70,6 +70,8 @@ limitations under the License.
#define OP_MATCHES 39
#define OP_IMPORT 40
#define OP_LOOKUP_DICT 41
+#define OP_JFALSE 42
+#define OP_JTRUE 43
#define _OP_EQ 0
#define _OP_NEQ 1
diff --git a/libyara/include/yara/parser.h b/libyara/include/yara/parser.h
index b5b3e65..d2322d9 100644
--- a/libyara/include/yara/parser.h
+++ b/libyara/include/yara/parser.h
@@ -23,29 +23,29 @@ limitations under the License.
int yr_parser_emit(
yyscan_t yyscanner,
- int8_t instruction,
- int8_t** instruction_address);
+ uint8_t instruction,
+ uint8_t** instruction_address);
int yr_parser_emit_with_arg(
yyscan_t yyscanner,
- int8_t instruction,
+ uint8_t instruction,
int64_t argument,
- int8_t** instruction_address);
+ uint8_t** instruction_address);
int yr_parser_emit_with_arg_double(
yyscan_t yyscanner,
- int8_t instruction,
+ uint8_t instruction,
double argument,
- int8_t** instruction_address);
+ uint8_t** instruction_address);
int yr_parser_emit_with_arg_reloc(
yyscan_t yyscanner,
- int8_t instruction,
+ uint8_t instruction,
int64_t argument,
- int8_t** instruction_address);
+ uint8_t** instruction_address);
int yr_parser_check_types(
@@ -91,7 +91,7 @@ YR_META* yr_parser_reduce_meta_declaration(
int yr_parser_reduce_string_identifier(
yyscan_t yyscanner,
const char* identifier,
- int8_t instruction,
+ uint8_t instruction,
uint64_t at_offset);
@@ -103,7 +103,7 @@ int yr_parser_emit_pushes_for_strings(
int yr_parser_reduce_external(
yyscan_t yyscanner,
const char* identifier,
- int8_t intruction);
+ uint8_t intruction);
int yr_parser_reduce_import(
diff --git a/libyara/parser.c b/libyara/parser.c
index a9d9ce4..097fa5c 100644
--- a/libyara/parser.c
+++ b/libyara/parser.c
@@ -36,8 +36,8 @@ limitations under the License.
int yr_parser_emit(
yyscan_t yyscanner,
- int8_t instruction,
- int8_t** instruction_address)
+ uint8_t instruction,
+ uint8_t** instruction_address)
{
return yr_arena_write_data(
yyget_extra(yyscanner)->code_arena,
@@ -49,14 +49,14 @@ int yr_parser_emit(
int yr_parser_emit_with_arg_double(
yyscan_t yyscanner,
- int8_t instruction,
+ uint8_t instruction,
double argument,
- int8_t** instruction_address)
+ uint8_t** instruction_address)
{
int result = yr_arena_write_data(
yyget_extra(yyscanner)->code_arena,
&instruction,
- sizeof(int8_t),
+ sizeof(uint8_t),
(void**) instruction_address);
if (result == ERROR_SUCCESS)
@@ -72,14 +72,14 @@ int yr_parser_emit_with_arg_double(
int yr_parser_emit_with_arg(
yyscan_t yyscanner,
- int8_t instruction,
+ uint8_t instruction,
int64_t argument,
- int8_t** instruction_address)
+ uint8_t** instruction_address)
{
int result = yr_arena_write_data(
yyget_extra(yyscanner)->code_arena,
&instruction,
- sizeof(int8_t),
+ sizeof(uint8_t),
(void**) instruction_address);
if (result == ERROR_SUCCESS)
@@ -95,16 +95,16 @@ int yr_parser_emit_with_arg(
int yr_parser_emit_with_arg_reloc(
yyscan_t yyscanner,
- int8_t instruction,
+ uint8_t instruction,
int64_t argument,
- int8_t** instruction_address)
+ uint8_t** instruction_address)
{
void* ptr;
int result = yr_arena_write_data(
yyget_extra(yyscanner)->code_arena,
&instruction,
- sizeof(int8_t),
+ sizeof(uint8_t),
(void**) instruction_address);
if (result == ERROR_SUCCESS)
@@ -745,7 +745,7 @@ int yr_parser_reduce_rule_declaration(
int yr_parser_reduce_string_identifier(
yyscan_t yyscanner,
const char* identifier,
- int8_t instruction,
+ uint8_t instruction,
uint64_t at_offset)
{
YR_STRING* string;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list