[Forensics-changes] [yara] 11/415: Small performance improvement and fix bug introduced on r14

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:42:38 UTC 2014 

This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit 60a581eadca9573c0d988c0c3acef4d476fde8e0
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Wed Jan 21 17:43:12 2009 +0000

    Small performance improvement and fix bug introduced on r14
---
 ChangeLog      |  5 ++++-
 libyara/scan.c | 19 ++++++++++++-------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4e5b7c3..11aad11 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,7 +8,10 @@ version 1.1
 	* regular expressions syntax changed
 	* now regular expressions can begin with any character
 
-version 1.1.1
+version 1.2
+	* added support for global rules
+	* "widechar" is now "wide" and can be used in conjuntion with "ascii"
 	* BUGFIX: Wrong behavior of escaped characters in regular expressions
 	* BUGFIX: Fatal error in yara-python when invoking matchfile with invalid path twice
+	* BUGFIX: Wrong precedence of OR and AND operators
 	
diff --git a/libyara/scan.c b/libyara/scan.c
index fee4531..45c7f6b 100644
--- a/libyara/scan.c
+++ b/libyara/scan.c
@@ -129,12 +129,17 @@ int hex_match(unsigned char* buffer, unsigned int buffer_size, unsigned char* pa
 			matches += distance;
 			
             i = 0;
-            
-            //TODO: improve performance of range skips
-            
+                        
             while (i <= delta && b + i < buffer_size)
             {
-       			tmp = hex_match(buffer + b + i, buffer_size - b - i,  pattern + p, pattern_length - p, mask + m);
+                if ((buffer[b + i] & mask[m]) == pattern[p])
+                {
+       			    tmp = hex_match(buffer + b + i, buffer_size - b - i,  pattern + p, pattern_length - p, mask + m);
+       			}
+       			else
+       			{
+                    tmp = 0;
+       			}
 				
 			    if (tmp > 0) 
 					return b + i + tmp;
@@ -444,11 +449,11 @@ int string_match(unsigned char* buffer, unsigned int buffer_size, STRING* string
 	
 	unsigned char* tmp;
 	
-	if ((flags & STRING_FLAGS_HEXADECIMAL) && IS_HEX(string))
+	if (IS_HEX(string))
 	{
 		return hex_match(buffer, buffer_size, string->string, string->length, string->mask);
 	}
-	else if ((flags & STRING_FLAGS_REGEXP) && IS_REGEXP(string)) 
+	else if (IS_REGEXP(string)) 
 	{
 		if (IS_WIDE(string))
 		{
@@ -692,7 +697,7 @@ int scan_mem(unsigned char* buffer, unsigned int buffer_size, RULE_LIST* rule_li
                                 buffer + i, 
                                 buffer_size - i, 
                                 i, 
-                                STRING_FLAGS_HEXADECIMAL | STRING_FLAGS_ASCII | STRING_FLAGS_REGEXP, 
+                                STRING_FLAGS_HEXADECIMAL | STRING_FLAGS_ASCII, 
                                 i, 
                                 rule_list);
 		

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git

More information about the forensics-changes mailing list