[Forensics-changes] [yara] 86/192: Fix issue #576
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:31:50 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.0
in repository yara.
commit eb491e03851a11bc811173f5e13c89cefa7257ac
Author: plusvic <plusvic at gmail.com>
Date: Wed Jan 4 16:18:03 2017 +0100
Fix issue #576
---
libyara/lexer.c | 128 +++++++++++++++++++++++++++++++++-----------------------
libyara/lexer.l | 7 ++++
2 files changed, 82 insertions(+), 53 deletions(-)
diff --git a/libyara/lexer.c b/libyara/lexer.c
index 80ed7ac..c3ec96c 100644
--- a/libyara/lexer.c
+++ b/libyara/lexer.c
@@ -9,7 +9,7 @@
#define FLEX_SCANNER
#define YY_FLEX_MAJOR_VERSION 2
#define YY_FLEX_MINOR_VERSION 6
-#define YY_FLEX_SUBMINOR_VERSION 1
+#define YY_FLEX_SUBMINOR_VERSION 0
#if YY_FLEX_SUBMINOR_VERSION > 0
#define FLEX_BETA
#endif
@@ -88,13 +88,25 @@ typedef unsigned int flex_uint32_t;
#endif /* ! FLEXINT_H */
-/* TODO: this is always defined, so inline it */
-#define yyconst const
+#ifdef __cplusplus
-#if defined(__GNUC__) && __GNUC__ >= 3
-#define yynoreturn __attribute__((__noreturn__))
+/* The "const" storage-class-modifier is valid. */
+#define YY_USE_CONST
+
+#else /* ! __cplusplus */
+
+/* C99 requires __STDC__ to be defined as 1. */
+#if defined (__STDC__)
+
+#define YY_USE_CONST
+
+#endif /* defined (__STDC__) */
+#endif /* ! __cplusplus */
+
+#ifdef YY_USE_CONST
+#define yyconst const
#else
-#define yynoreturn
+#define yyconst
#endif
/* Returned upon end-of-file. */
@@ -226,12 +238,12 @@ struct yy_buffer_state
/* Size of input buffer in bytes, not including room for EOB
* characters.
*/
- int yy_buf_size;
+ yy_size_t yy_buf_size;
/* Number of characters read into yy_ch_buf, not including EOB
* characters.
*/
- int yy_n_chars;
+ yy_size_t yy_n_chars;
/* Whether we "own" the buffer - i.e., we know we created it,
* and can realloc() it to grow it, and should free() it to
@@ -310,7 +322,7 @@ static void yara_yy_init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t yyscanne
YY_BUFFER_STATE yara_yy_scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner );
YY_BUFFER_STATE yara_yy_scan_string (yyconst char *yy_str ,yyscan_t yyscanner );
-YY_BUFFER_STATE yara_yy_scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner );
+YY_BUFFER_STATE yara_yy_scan_bytes (yyconst char *bytes,yy_size_t len ,yyscan_t yyscanner );
void *yara_yyalloc (yy_size_t ,yyscan_t yyscanner );
void *yara_yyrealloc (void *,yy_size_t ,yyscan_t yyscanner );
@@ -354,14 +366,17 @@ typedef int yy_state_type;
static yy_state_type yy_get_previous_state (yyscan_t yyscanner );
static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner);
static int yy_get_next_buffer (yyscan_t yyscanner );
-static void yynoreturn yy_fatal_error (yyconst char* msg ,yyscan_t yyscanner );
+#if defined(__GNUC__) && __GNUC__ >= 3
+__attribute__((__noreturn__))
+#endif
+static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner );
/* Done after the current pattern has been matched and before the
* corresponding action - sets up yytext.
*/
#define YY_DO_BEFORE_ACTION \
yyg->yytext_ptr = yy_bp; \
- yyleng = (int) (yy_cp - yy_bp); \
+ yyleng = (size_t) (yy_cp - yy_bp); \
yyg->yy_hold_char = *yy_cp; \
*yy_cp = '\0'; \
yyg->yy_c_buf_p = yy_cp;
@@ -800,7 +815,7 @@ with noyywrap then we can remove this pragma.
-#line 804 "lexer.c"
+#line 819 "lexer.c"
#define INITIAL 0
#define str 1
@@ -833,8 +848,8 @@ struct yyguts_t
size_t yy_buffer_stack_max; /**< capacity of stack. */
YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. */
char yy_hold_char;
- int yy_n_chars;
- int yyleng_r;
+ yy_size_t yy_n_chars;
+ yy_size_t yyleng_r;
char *yy_c_buf_p;
int yy_init;
int yy_start;
@@ -887,7 +902,7 @@ FILE *yara_yyget_out (yyscan_t yyscanner );
void yara_yyset_out (FILE * _out_str ,yyscan_t yyscanner );
- int yara_yyget_leng (yyscan_t yyscanner );
+yy_size_t yara_yyget_leng (yyscan_t yyscanner );
char *yara_yyget_text (yyscan_t yyscanner );
@@ -952,7 +967,7 @@ static int input (yyscan_t yyscanner );
/* This used to be an fputs(), but since the string might contain NUL's,
* we now use fwrite().
*/
-#define ECHO do { if (fwrite( yytext, (size_t) yyleng, 1, yyout )) {} } while (0)
+#define ECHO do { if (fwrite( yytext, yyleng, 1, yyout )) {} } while (0)
#endif
/* Gets input and stuffs it into "buf". number of characters read, or YY_NULL,
@@ -976,7 +991,7 @@ static int input (yyscan_t yyscanner );
else \
{ \
errno=0; \
- while ( (result = (int) fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
+ while ( (result = fread(buf, 1, max_size, yyin))==0 && ferror(yyin)) \
{ \
if( errno != EINTR) \
{ \
@@ -1080,7 +1095,7 @@ YY_DECL
#line 129 "lexer.l"
-#line 1084 "lexer.c"
+#line 1099 "lexer.c"
while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */
{
@@ -1110,7 +1125,7 @@ yy_match:
if ( yy_current_state >= 243 )
yy_c = yy_meta[(unsigned int) yy_c];
}
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (flex_int16_t) yy_c];
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
++yy_cp;
}
while ( yy_current_state != 242 );
@@ -1822,6 +1837,13 @@ YY_RULE_SETUP
{
LEX_CHECK_SPACE_OK("\\.", yyextra->lex_buf_len, LEX_BUF_SIZE);
+
+ if (yytext[1] == 0)
+ {
+ yyerror(yyscanner, compiler, "malformed regular expression");
+ yyterminate();
+ }
+
*yyextra->lex_buf_ptr++ = yytext[0];
*yyextra->lex_buf_ptr++ = yytext[1];
yyextra->lex_buf_len += 2;
@@ -1829,13 +1851,13 @@ YY_RULE_SETUP
YY_BREAK
case 66:
YY_RULE_SETUP
-#line 598 "lexer.l"
+#line 605 "lexer.l"
{ YYTEXT_TO_BUFFER; }
YY_BREAK
case 67:
/* rule 67 can match eol */
YY_RULE_SETUP
-#line 601 "lexer.l"
+#line 608 "lexer.l"
{
yyerror(yyscanner, compiler, "unterminated regular expression");
@@ -1844,7 +1866,7 @@ YY_RULE_SETUP
YY_BREAK
case 68:
YY_RULE_SETUP
-#line 608 "lexer.l"
+#line 615 "lexer.l"
{
yyextra->lex_buf_ptr = yyextra->lex_buf;
@@ -1854,7 +1876,7 @@ YY_RULE_SETUP
YY_BREAK
case 69:
YY_RULE_SETUP
-#line 616 "lexer.l"
+#line 623 "lexer.l"
{
yyextra->lex_buf_ptr = yyextra->lex_buf;
@@ -1865,7 +1887,7 @@ YY_RULE_SETUP
case 70:
/* rule 70 can match eol */
YY_RULE_SETUP
-#line 624 "lexer.l"
+#line 631 "lexer.l"
{
// Match hex-digits with whitespace or comments. The latter are stripped
// out by hex_lexer.l
@@ -1881,12 +1903,12 @@ YY_RULE_SETUP
case 71:
/* rule 71 can match eol */
YY_RULE_SETUP
-#line 637 "lexer.l"
+#line 644 "lexer.l"
/* skip whitespace */
YY_BREAK
case 72:
YY_RULE_SETUP
-#line 639 "lexer.l"
+#line 646 "lexer.l"
{
if (yytext[0] >= 32 && yytext[0] < 127)
@@ -1902,10 +1924,10 @@ YY_RULE_SETUP
YY_BREAK
case 73:
YY_RULE_SETUP
-#line 652 "lexer.l"
+#line 659 "lexer.l"
ECHO;
YY_BREAK
-#line 1909 "lexer.c"
+#line 1931 "lexer.c"
case YY_END_OF_BUFFER:
{
@@ -2092,7 +2114,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
{
- int num_to_read =
+ yy_size_t num_to_read =
YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1;
while ( num_to_read <= 0 )
@@ -2106,7 +2128,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
if ( b->yy_is_our_buffer )
{
- int new_size = b->yy_buf_size * 2;
+ yy_size_t new_size = b->yy_buf_size * 2;
if ( new_size <= 0 )
b->yy_buf_size += b->yy_buf_size / 8;
@@ -2119,7 +2141,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
}
else
/* Can't grow it, we don't own it. */
- b->yy_ch_buf = NULL;
+ b->yy_ch_buf = 0;
if ( ! b->yy_ch_buf )
YY_FATAL_ERROR(
@@ -2161,9 +2183,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
ret_val = EOB_ACT_CONTINUE_SCAN;
- if ((int) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
+ if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) {
/* Extend the array by 50%, plus the number we really need. */
- int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1);
+ yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1);
YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) yara_yyrealloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner );
if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf )
YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" );
@@ -2202,7 +2224,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
if ( yy_current_state >= 243 )
yy_c = yy_meta[(unsigned int) yy_c];
}
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (flex_int16_t) yy_c];
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
}
return yy_current_state;
@@ -2231,7 +2253,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
if ( yy_current_state >= 243 )
yy_c = yy_meta[(unsigned int) yy_c];
}
- yy_current_state = yy_nxt[yy_base[yy_current_state] + (flex_int16_t) yy_c];
+ yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c];
yy_is_jam = (yy_current_state == 242);
(void)yyg;
@@ -2267,7 +2289,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
else
{ /* need more input */
- int offset = yyg->yy_c_buf_p - yyg->yytext_ptr;
+ yy_size_t offset = yyg->yy_c_buf_p - yyg->yytext_ptr;
++yyg->yy_c_buf_p;
switch ( yy_get_next_buffer( yyscanner ) )
@@ -2291,7 +2313,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner)
case EOB_ACT_END_OF_FILE:
{
if ( yara_yywrap(yyscanner ) )
- return 0;
+ return EOF;
if ( ! yyg->yy_did_buffer_switch_on_eof )
YY_NEW_FILE;
@@ -2554,7 +2576,7 @@ void yara_yypop_buffer_state (yyscan_t yyscanner)
*/
static void yara_yyensure_buffer_stack (yyscan_t yyscanner)
{
- int num_to_alloc;
+ yy_size_t num_to_alloc;
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
if (!yyg->yy_buffer_stack) {
@@ -2563,7 +2585,7 @@ static void yara_yyensure_buffer_stack (yyscan_t yyscanner)
* scanner will even need a stack. We use 2 instead of 1 to avoid an
* immediate realloc on the next call.
*/
- num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */
+ num_to_alloc = 1; // After all that talk, this was set to 1 anyways...
yyg->yy_buffer_stack = (struct yy_buffer_state**)yara_yyalloc
(num_to_alloc * sizeof(struct yy_buffer_state*)
, yyscanner);
@@ -2610,7 +2632,7 @@ YY_BUFFER_STATE yara_yy_scan_buffer (char * base, yy_size_t size , yyscan_t yy
base[size-2] != YY_END_OF_BUFFER_CHAR ||
base[size-1] != YY_END_OF_BUFFER_CHAR )
/* They forgot to leave room for the EOB's. */
- return NULL;
+ return 0;
b = (YY_BUFFER_STATE) yara_yyalloc(sizeof( struct yy_buffer_state ) ,yyscanner );
if ( ! b )
@@ -2619,7 +2641,7 @@ YY_BUFFER_STATE yara_yy_scan_buffer (char * base, yy_size_t size , yyscan_t yy
b->yy_buf_size = size - 2; /* "- 2" to take care of EOB's */
b->yy_buf_pos = b->yy_ch_buf = base;
b->yy_is_our_buffer = 0;
- b->yy_input_file = NULL;
+ b->yy_input_file = 0;
b->yy_n_chars = b->yy_buf_size;
b->yy_is_interactive = 0;
b->yy_at_bol = 1;
@@ -2642,7 +2664,7 @@ YY_BUFFER_STATE yara_yy_scan_buffer (char * base, yy_size_t size , yyscan_t yy
YY_BUFFER_STATE yara_yy_scan_string (yyconst char * yystr , yyscan_t yyscanner)
{
- return yara_yy_scan_bytes(yystr,(int) strlen(yystr) ,yyscanner);
+ return yara_yy_scan_bytes(yystr,strlen(yystr) ,yyscanner);
}
/** Setup the input buffer state to scan the given bytes. The next call to yara_yylex() will
@@ -2652,7 +2674,7 @@ YY_BUFFER_STATE yara_yy_scan_string (yyconst char * yystr , yyscan_t yyscanner)
* @param yyscanner The scanner object.
* @return the newly allocated buffer state object.
*/
-YY_BUFFER_STATE yara_yy_scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner)
+YY_BUFFER_STATE yara_yy_scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len , yyscan_t yyscanner)
{
YY_BUFFER_STATE b;
char *buf;
@@ -2660,7 +2682,7 @@ YY_BUFFER_STATE yara_yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ,
yy_size_t i;
/* Get memory for full buffer, including space for trailing EOB's. */
- n = (yy_size_t) _yybytes_len + 2;
+ n = _yybytes_len + 2;
buf = (char *) yara_yyalloc(n ,yyscanner );
if ( ! buf )
YY_FATAL_ERROR( "out of dynamic memory in yara_yy_scan_bytes()" );
@@ -2686,7 +2708,7 @@ YY_BUFFER_STATE yara_yy_scan_bytes (yyconst char * yybytes, int _yybytes_len ,
#define YY_EXIT_FAILURE 2
#endif
-static void yynoreturn yy_fatal_error (yyconst char* msg , yyscan_t yyscanner)
+static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
(void)yyg;
@@ -2769,7 +2791,7 @@ FILE *yara_yyget_out (yyscan_t yyscanner)
/** Get the length of the current token.
* @param yyscanner The scanner object.
*/
-int yara_yyget_leng (yyscan_t yyscanner)
+yy_size_t yara_yyget_leng (yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
return yyleng;
@@ -2940,10 +2962,10 @@ static int yy_init_globals (yyscan_t yyscanner)
* This function is called from yara_yylex_destroy(), so don't allocate here.
*/
- yyg->yy_buffer_stack = NULL;
+ yyg->yy_buffer_stack = 0;
yyg->yy_buffer_stack_top = 0;
yyg->yy_buffer_stack_max = 0;
- yyg->yy_c_buf_p = NULL;
+ yyg->yy_c_buf_p = (char *) 0;
yyg->yy_init = 0;
yyg->yy_start = 0;
@@ -2956,8 +2978,8 @@ static int yy_init_globals (yyscan_t yyscanner)
yyin = stdin;
yyout = stdout;
#else
- yyin = NULL;
- yyout = NULL;
+ yyin = (FILE *) 0;
+ yyout = (FILE *) 0;
#endif
/* For future reference: Set errno on error, since we are called by
@@ -3027,7 +3049,7 @@ void *yara_yyalloc (yy_size_t size , yyscan_t yyscanner)
{
struct yyguts_t * yyg = (struct yyguts_t*)yyscanner;
(void)yyg;
- return malloc(size);
+ return (void *) malloc( size );
}
void *yara_yyrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner)
@@ -3042,7 +3064,7 @@ void *yara_yyrealloc (void * ptr, yy_size_t size , yyscan_t yyscanner)
* any pointer type to void*, and deal with argument conversions
* as though doing an assignment.
*/
- return realloc(ptr, size);
+ return (void *) realloc( (char *) ptr, size );
}
void yara_yyfree (void * ptr , yyscan_t yyscanner)
@@ -3054,7 +3076,7 @@ void yara_yyfree (void * ptr , yyscan_t yyscanner)
#define YYTABLES_NAME "yytables"
-#line 652 "lexer.l"
+#line 659 "lexer.l"
diff --git a/libyara/lexer.l b/libyara/lexer.l
index eee3e51..6d6337f 100644
--- a/libyara/lexer.l
+++ b/libyara/lexer.l
@@ -589,6 +589,13 @@ u?int(8|16|32)(be)? {
<regexp>\\. {
LEX_CHECK_SPACE_OK("\\.", yyextra->lex_buf_len, LEX_BUF_SIZE);
+
+ if (yytext[1] == 0)
+ {
+ yyerror(yyscanner, compiler, "malformed regular expression");
+ yyterminate();
+ }
+
*yyextra->lex_buf_ptr++ = yytext[0];
*yyextra->lex_buf_ptr++ = yytext[1];
yyextra->lex_buf_len += 2;
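Review bot: The new `yytext[1] == 0` guard in the `<regexp>\\.` action has no comment explaining why a NUL after the backslash is rejected, and the commit message gives only the issue number. I would add `/* "\" followed by a NUL byte would copy a NUL into lex_buf; reject it (issue #576) */` above the `if`, since the two stores right after it copy `yytext[1]` verbatim; presumably the buffer is later read as a NUL-terminated string, but that consumer is not visible here. The diffstat lists only lexer.c and lexer.l, so no regression test with a rule containing that byte sequence comes with the fix, and a later regeneration of the lexer could drop the check unnoticed. The action's closing brace lies outside this hunk, and the regenerated lexer.c repeats the same lines in its hunk at -1822. That lexer.c appears to have been produced by a different flex release (`YY_FLEX_SUBMINOR_VERSION` goes from 1 to 0), which buries the seven-line fix among unrelated `int` → `yy_size_t` changes; regenerating with the previously used flex would keep the diff reviewable.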
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git