[Forensics-changes] [yara] 143/160: Better atom extraction when using {n, m} quantifiers
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:29:27 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.4.0
in repository yara.
commit 76de3a76ac131798aadd245a2929343b59eb6d64
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Thu Jun 4 10:29:06 2015 +0200
Better atom extraction when using {n,m} quantifiers
In regexp /ab{1,2}c/ the atom extracted now is "ab", before this patch it was "a".
---
libyara/atoms.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libyara/atoms.c b/libyara/atoms.c
index 3c13452..5ef650c 100644
--- a/libyara/atoms.c
+++ b/libyara/atoms.c
@@ -771,7 +771,8 @@ ATOM_TREE_NODE* _yr_atoms_extract_from_re_node(
case RE_NODE_RANGE:
- append_current_leaf_to_node(current_node);
+ if (re_node->start == 0)
+ append_current_leaf_to_node(current_node);
for (i = 0; i < re_node->start; i++)
{
@@ -782,7 +783,7 @@ ATOM_TREE_NODE* _yr_atoms_extract_from_re_node(
return NULL;
}
- if (re_node->start > 0)
+ if (re_node->start != re_node->end)
append_current_leaf_to_node(current_node);
return current_node;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list