[Forensics-changes] [yara] 358/368: Put variable declarations at the beginning of code blocks

Sat Jul 1 10:30:58 UTC 2017

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.5.0
in repository yara.

commit 2a19ada34112ae0210fcb010e7b1550410d5035e
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Sat Jul 2 18:05:00 2016 +0200

    Put variable declarations at the beginning of code blocks
---
 libyara/modules/math.c |  7 +++----
 libyara/modules/pe.c   | 15 +++++++++------
 2 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/libyara/modules/math.c b/libyara/modules/math.c
index 1c38b3d..0a5638c 100644
--- a/libyara/modules/math.c
+++ b/libyara/modules/math.c
@@ -209,15 +209,14 @@ define_function(data_deviation)
     if (offset >= block->base &&
         offset < block->base + block->size)
     {
+      size_t data_offset = (size_t)(offset - block->base);
+      size_t data_len = (size_t)yr_min(
+          length, (size_t)(block->size - data_offset));
       uint8_t* block_data = block->fetch_data(block);
 
       if (block_data == NULL)
         return_float(UNDEFINED);
 
-      size_t data_offset = (size_t) (offset - block->base);
-      size_t data_len = (size_t) yr_min(
-        length, (size_t) (block->size - data_offset));
-
       total_len += data_len;
       offset += data_len;
       length -= data_len;
diff --git a/libyara/modules/pe.c b/libyara/modules/pe.c
index 0529003..14d2245 100644
--- a/libyara/modules/pe.c
+++ b/libyara/modules/pe.c
@@ -420,10 +420,6 @@ int64_t pe_rva_to_offset(
       if (rva >= section->VirtualAddress &&
           section_rva <= section->VirtualAddress)
       {
-        section_rva = section->VirtualAddress;
-        section_offset = section->PointerToRawData;
-        section_raw_size = section->SizeOfRawData;
-
         // Round section_offset
         //
         // Rounding everything less than 0x200 to 0 as discussed in
@@ -434,8 +430,13 @@ int64_t pe_rva_to_offset(
         //
         // If FileAlignment is >= 0x200, it is apparently ignored (see
         // Ero Carreras's pefile.py, PE.adjust_FileAlignment).
+
         int alignment = yr_min(OptionalHeader(pe, FileAlignment), 0x200);
 
+        section_rva = section->VirtualAddress;
+        section_offset = section->PointerToRawData;
+        section_raw_size = section->SizeOfRawData;
+
         if (alignment)
         {
           int rest = section_offset % alignment;
@@ -2514,12 +2515,14 @@ int module_load(
 
   foreach_memory_block(iterator, block)
   {
-    uint8_t* block_data = block->fetch_data(block);
+	PIMAGE_NT_HEADERS32 pe_header;
+
+	uint8_t* block_data = block->fetch_data(block);
 
     if (block_data == NULL)
       continue;
 
-    PIMAGE_NT_HEADERS32 pe_header = pe_get_header(block_data, block->size);
+    Ppe_header = pe_get_header(block_data, block->size);
 
     if (pe_header != NULL)
     {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

