[Forensics-changes] [yara] 19/192: Fix issue causing bad quality atoms to be discarded

Hilko Bengen bengen at moszumanska.debian.org
Sat Jul 1 10:31:42 UTC 2017 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to annotated tag v3.6.0
in repository yara.

commit 1da9ec4da72279aac5387be928e2b3b1dc0c997e
Author: plusvic <plusvic at gmail.com>
Date:   Mon Sep 5 11:22:53 2016 +0200

    Fix issue causing bad quality atoms to be discarded
    
    In certain regexps the only atoms that can be extracted are low quality ones, but a bad quality atom is always better than no atom at all. For some regexps those low quality atoms were being discarded and not used.
---
 libyara/atoms.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/libyara/atoms.c b/libyara/atoms.c
index 45dc51d..bf0ae72 100644
--- a/libyara/atoms.c
+++ b/libyara/atoms.c
@@ -89,6 +89,10 @@ will end up using the "Look" atom alone, but in /a(bcd|efg)h/ atoms "bcd" and
 #include <yara/types.h>
 
 
+#define YR_MAX_ATOM_QUALITY   100000
+#define YR_MIN_ATOM_QUALITY  -100000
+
+
 #define append_current_leaf_to_node(node) \
     if (atom_tree->current_leaf != NULL) \
     { \
@@ -173,10 +177,10 @@ int yr_atoms_min_quality(
   YR_ATOM_LIST_ITEM* atom;
 
   int quality;
-  int min_quality = 100000;
+  int min_quality = YR_MAX_ATOM_QUALITY;
 
   if (atom_list == NULL)
-    return 0;
+    return YR_MIN_ATOM_QUALITY;
 
   atom = atom_list;
 
@@ -351,8 +355,8 @@ int _yr_atoms_choose(
   YR_ATOM_LIST_ITEM* tail;
 
   int i, quality;
-  int max_quality = -10000;
-  int min_quality = 10000;
+  int max_quality = YR_MIN_ATOM_QUALITY;
+  int min_quality = YR_MAX_ATOM_QUALITY;
 
   *choosen_atoms = NULL;
 
@@ -1020,7 +1024,7 @@ int yr_atoms_extract_from_re(
   YR_ATOM_LIST_ITEM* case_insentive_atoms;
   YR_ATOM_LIST_ITEM* triplet_atoms;
 
-  int min_atom_quality = 0;
+  int min_atom_quality = YR_MIN_ATOM_QUALITY;
 
   if (atom_tree == NULL)
     return ERROR_INSUFICIENT_MEMORY;

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list