[Forensics-changes] [yara] 65/368: Bump MAX_PE_IMPORTS to 16384.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:30:12 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.5.0
in repository yara.
commit 974cebea86a4d2be412b4e729f385d12e2f9365e
Author: Wesley Shields <wxs at atarininja.org>
Date: Tue Sep 22 19:48:42 2015 -0400
Bump MAX_PE_IMPORTS to 16384.
Because the imports are parsed and stored for later analysis anytime we
run into the limit, imphash(), imports() and related functions would
return incorrect results when compared to other tools.
This is a compromise to bump it up from 256 to 16384 but it ultimately
doesn't fix the problem that was introduced in 1cc98f7. It seems to be a
conflict of interest between parsing accuracy and memory usage.
---
libyara/modules/pe.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index c683d23..f8e941a 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -73,7 +73,7 @@ limitations under the License.
#define MAX_PE_SECTIONS 96
-#define MAX_PE_IMPORTS 256
+#define MAX_PE_IMPORTS 16384
#define MAX_PE_EXPORTS 65535
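Review bot: the new `#define MAX_PE_IMPORTS 16384` line is still a fixed cap, and nothing beside it documents why this value was chosen or what happens when a file has more imports than that. The commit message says imphash(), imports() and related functions return incorrect results once the limit is reached, so a PE with more than 16384 imports would still be affected. Please add a short comment above the define recording the accuracy versus memory trade-off described in the commit message. It is also worth considering whether reaching the cap can be reported to the caller, so that an import hash computed from a cut-off list is not mistaken for a complete one when compared against other tools.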
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git