[Forensics-changes] [yara] 11/415: Small performance improvement and fix bug introduced on r14
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:42:38 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 60a581eadca9573c0d988c0c3acef4d476fde8e0
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Wed Jan 21 17:43:12 2009 +0000
Small performance improvement and fix bug introduced on r14
---
ChangeLog | 5 ++++-
libyara/scan.c | 19 ++++++++++++-------
2 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4e5b7c3..11aad11 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,7 +8,10 @@ version 1.1
* regular expressions syntax changed
* now regular expressions can begin with any character
-version 1.1.1
+version 1.2
+ * added support for global rules
+ * "widechar" is now "wide" and can be used in conjuntion with "ascii"
* BUGFIX: Wrong behavior of escaped characters in regular expressions
* BUGFIX: Fatal error in yara-python when invoking matchfile with invalid path twice
+ * BUGFIX: Wrong precedence of OR and AND operators
diff --git a/libyara/scan.c b/libyara/scan.c
index fee4531..45c7f6b 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -129,12 +129,17 @@ int hex_match(unsigned char* buffer, unsigned int buffer_size, unsigned char* pa
matches += distance;
i = 0;
-
- //TODO: improve performance of range skips
-
+
while (i <= delta && b + i < buffer_size)
{
- tmp = hex_match(buffer + b + i, buffer_size - b - i, pattern + p, pattern_length - p, mask + m);
+ if ((buffer[b + i] & mask[m]) == pattern[p])
+ {
+ tmp = hex_match(buffer + b + i, buffer_size - b - i, pattern + p, pattern_length - p, mask + m);
+ }
+ else
+ {
+ tmp = 0;
+ }
if (tmp > 0)
return b + i + tmp;
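Review bot: The new pre-check `(buffer[b + i] & mask[m]) == pattern[p]` in the range-skip loop assumes the element at `p`/`m` is an ordinary masked byte, and nothing visible in the hunk establishes that. If the mask array can hold a control value at that position (for instance another skip directly after this one), the comparison would likely fail for every `i` and the recursive call that used to handle that case would never run, so a signature that matched before would silently stop matching. The reads of `pattern[p]` and `mask[m]` are also not bounded by `pattern_length` in the visible lines. I would only take the fast path when the next element is known to be a plain byte and fall back to the unconditional `hex_match` call otherwise, with a comment such as `/* fast reject: valid only when pattern[p] is a literal masked byte */`. The body of `hex_match` starts and ends outside this hunk, so the encoding of `mask` needs to be checked there.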
@@ -444,11 +449,11 @@ int string_match(unsigned char* buffer, unsigned int buffer_size, STRING* string
unsigned char* tmp;
- if ((flags & STRING_FLAGS_HEXADECIMAL) && IS_HEX(string))
+ if (IS_HEX(string))
{
return hex_match(buffer, buffer_size, string->string, string->length, string->mask);
}
- else if ((flags & STRING_FLAGS_REGEXP) && IS_REGEXP(string))
+ else if (IS_REGEXP(string))
{
if (IS_WIDE(string))
{
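Review bot: With the `flags &` tests removed, the hex and regexp branches of `string_match` run for every string of that type regardless of what the caller passed in `flags`, and no comment records that this is intended. The call site changed in the last hunk of this file still passes `STRING_FLAGS_HEXADECIMAL`, which this dispatch no longer reads; the callee there is not named in the hunk, so the flag may still be used elsewhere. I would add a comment above the first branch along the lines of `/* hex and regexp strings are matched regardless of flags; see the remaining branches for where flags still applies */`, worded to fit the rest of the function, which continues outside the hunk. Any flag bit left without a reader should be dropped from the callers as well.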
@@ -692,7 +697,7 @@ int scan_mem(unsigned char* buffer, unsigned int buffer_size, RULE_LIST* rule_li
buffer + i,
buffer_size - i,
i,
- STRING_FLAGS_HEXADECIMAL | STRING_FLAGS_ASCII | STRING_FLAGS_REGEXP,
+ STRING_FLAGS_HEXADECIMAL | STRING_FLAGS_ASCII,
i,
rule_list);
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git