[Forensics-changes] [yara] 112/192: Add some comments and do minor style improvements.
Hilko Bengen
bengen at moszumanska.debian.org
Sat Jul 1 10:31:54 UTC 2017
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to annotated tag v3.6.0
in repository yara.
commit ef2251fa824d5c7725456c58341f0b79329c90fd
Author: plusvic <plusvic at gmail.com>
Date: Wed Mar 15 16:09:55 2017 +0100
Add some comments and do minor style improvements.
---
libyara/re.c | 47 ++++++++++++++++++++++++++++++++++++++++++-----
1 file changed, 42 insertions(+), 5 deletions(-)
diff --git a/libyara/re.c b/libyara/re.c
index 4f856e5..f17abe5 100644
--- a/libyara/re.c
+++ b/libyara/re.c
@@ -739,7 +739,7 @@ int _yr_re_emit(
int emit_epilog;
RE_REPEAT_ARGS repeat_args;
- RE_REPEAT_ARGS* repeat_args_addr;
+ RE_REPEAT_ARGS* repeat_start_args_addr;
RE_REPEAT_ANY_ARGS repeat_any_args;
RE_NODE* left;
@@ -1165,7 +1165,7 @@ int _yr_re_emit(
&repeat_args,
sizeof(repeat_args),
emit_prolog ? NULL : &instruction_addr,
- (void**) &repeat_args_addr,
+ (void**) &repeat_start_args_addr,
&inst_size));
*code_size += inst_size;
@@ -1179,7 +1179,7 @@ int _yr_re_emit(
*code_size += branch_size;
- repeat_args_addr->offset = 2 * inst_size + branch_size;
+ repeat_start_args_addr->offset = 2 * inst_size + branch_size;
repeat_args.offset = -branch_size;
FAIL_ON_ERROR(_yr_emit_inst_arg_struct(
@@ -1223,7 +1223,6 @@ int _yr_re_emit(
*code_size += branch_size;
}
-
if (emit_split)
*split_offset_addr = split_size + branch_size;
@@ -1645,10 +1644,21 @@ int _yr_re_fiber_sync(
FAIL_ON_ERROR(_yr_re_fiber_split(
fiber_list, fiber_pool, branch_a, &branch_b));
+ // With RE_OPCODE_SPLIT_A the current fiber continues at the next
+ // instruction in the stream (branch A), while the newly created
+ // fiber starts at the address indicated by the instruction (branch B)
+ // RE_OPCODE_SPLIT_B has the opposite behavior.
+
if (opcode == RE_OPCODE_SPLIT_B)
yr_swap(branch_a, branch_b, RE_FIBER*);
+ // Branch A continues at the next instruction
+
branch_a->ip += (sizeof(RE_SPLIT_ID_TYPE) + 3);
+
+ // Branch B adds the offset encoded in the opcode to its instruction
+ // pointer.
+
branch_b->ip += *(int16_t*)(
branch_b->ip
+ 1 // opcode size
@@ -1716,16 +1726,30 @@ int _yr_re_fiber_sync(
repeat_any_args = (RE_REPEAT_ANY_ARGS*)(fiber->ip + 1);
+ // If repetition counter (rc) is -1 it means that we are reaching this
+ // instruction from the previous one in the instructions stream. In
+ // this case let's initialize the counter to 0 and start looping.
+
if (fiber->rc == -1)
fiber->rc = 0;
if (fiber->rc < repeat_any_args->min)
{
+ // Increase repetition counter and continue with next fiber. The
+ // instruction pointer for this fiber is not incremented yet, this
+ // fiber spins in this same instruction until reaching the minimum
+ // number of repetitions.
+
fiber->rc++;
fiber = fiber->next;
}
else if (fiber->rc < repeat_any_args->max)
{
+ // Once the minimum number of repetitions are matched one fiber
+ // remains spinning in this instruction until reaching the maximum
+ // number of repetitions while new fibers are created. New fibers
+ // start executing at the next instruction.
+
next = fiber->next;
branch_a = fiber;
@@ -1745,6 +1769,11 @@ int _yr_re_fiber_sync(
}
else
{
+ // When the maximum number of repetitions is reached the fiber keeps
+ // executing at the next instruction. The repetition counter is set
+ // to -1 indicating that we are not spinning in a repeat instruction
+ // anymore.
+
fiber->ip += (1 + sizeof(RE_REPEAT_ANY_ARGS));
fiber->rc = -1;
}
@@ -1901,6 +1930,12 @@ int yr_re_exec(
prolog;
match = (flags & RE_FLAGS_DOT_ALL) || (*input != 0x0A);
action = match ? ACTION_NONE : ACTION_KILL;
+
+ // The instruction pointer is not incremented here. The current fiber
+ // spins in this instruction until reaching the required number of
+ // repetitions. The code controlling the number of repetitions is in
+ // _yr_re_fiber_sync.
+
break;
case RE_OPCODE_LITERAL:
@@ -2008,6 +2043,7 @@ int yr_re_exec(
match = !match;
action = match ? ACTION_CONTINUE : ACTION_KILL;
+ fiber->ip += 1;
break;
case RE_OPCODE_MATCH_AT_START:
@@ -2016,12 +2052,14 @@ int yr_re_exec(
else
kill = (flags & RE_FLAGS_NOT_AT_START) || (bytes_matched != 0);
action = kill ? ACTION_KILL : ACTION_CONTINUE;
+ fiber->ip += 1;
break;
case RE_OPCODE_MATCH_AT_END:
action = input_size > (size_t) bytes_matched ?
ACTION_KILL :
ACTION_CONTINUE;
+ fiber->ip += 1;
break;
case RE_OPCODE_MATCH:
@@ -2084,7 +2122,6 @@ int yr_re_exec(
break;
case ACTION_CONTINUE:
- fiber->ip += 1;
error = _yr_re_fiber_sync(&fibers, &storage->fiber_pool, fiber);
fail_if_error(error);
break;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list