[Forensics-changes] [yara] 180/415: Fix buffer overrun in Aho-Corasick caused by not reserving enough memory for regexp atoms
Hilko Bengen
bengen at moszumanska.debian.org
Thu Apr 3 05:43:03 UTC 2014
This is an automated email from the git hooks/post-receive script.
bengen pushed a commit to branch debian
in repository yara.
commit 4a637d9796f12d1f19fd7ae6399c0d1034fad84e
Author: Victor M. Alvarez <plusvic at gmail.com>
Date: Wed Jun 26 12:58:23 2013 +0000
Fix buffer overrun in Aho-Corasick caused by not reserving enough memory for regexp atoms
---
libyara/ahocorasick.c | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/libyara/ahocorasick.c b/libyara/ahocorasick.c
index e3f33db..294d8a5 100644
--- a/libyara/ahocorasick.c
+++ b/libyara/ahocorasick.c
@@ -35,6 +35,10 @@ limitations under the License.
#define min(x, y) ((x < y) ? (x) : (y))
#endif
+#ifndef max
+#define max(x, y) ((x > y) ? (x) : (y))
+#endif
+
typedef struct _QUEUE_NODE
{
AC_STATE* value;
@@ -958,11 +962,14 @@ int yr_ac_add_string(
uint8_t* atoms;
uint8_t* atoms_cursor;
- // Reserve memory to hold atoms for the string. We reserve enough memory
- // for the worst case which is a "ascii wide nocase" text string.
+ // Reserve memory to hold atoms for the string. We reserve a minimun of
+ // 4KB which is enough for storing single-character atoms from regular
+ // expressions obtained by calling yr_regex_get_first_bytes, and for
+ // storing worst case strings (ascii wide nocase) for MAX_ATOM up to 7.
+ // If MAX_ATOM is greater than 7 we reserve more memory as required.
atoms = yr_malloc(
- 2 * (1 << MAX_ATOM) * (2 * sizeof(int) + MAX_ATOM) + sizeof(int));
+ max(2 * (1 << MAX_ATOM) * (2 * sizeof(int) + MAX_ATOM), 4096));
if (atoms == NULL)
return ERROR_INSUFICIENT_MEMORY;
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git
More information about the forensics-changes
mailing list