[Forensics-changes] [yara] 231/415: Improve _yr_scan_fast_hex_re_exec

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:43:09 UTC 2014


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit 67d80a1086f23761b3419282334880e540a0f9c1
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Wed Nov 20 21:45:39 2013 +0000

    Improve _yr_scan_fast_hex_re_exec
---
 libyara/rules.c | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/libyara/rules.c b/libyara/rules.c
index 1e100b6..a5aa9bc 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -133,6 +133,9 @@ inline int _yr_scan_wicompare(
 }
 
 
+#define MAX_FAST_HEX_RE_STACK 100
+
+
 int _yr_scan_fast_hex_re_exec(
     uint8_t* code,
     uint8_t* input,
@@ -141,20 +144,20 @@ int _yr_scan_fast_hex_re_exec(
     RE_MATCH_CALLBACK_FUNC callback,
     void* callback_args)
 {
-  uint8_t* code_stack[100];
-  uint8_t* input_stack[100];
-  int matches_stack[100];
+  uint8_t* code_stack[MAX_FAST_HEX_RE_STACK];
+  uint8_t* input_stack[MAX_FAST_HEX_RE_STACK];
+  int matches_stack[MAX_FAST_HEX_RE_STACK];
 
   int sp = 0;
 
   uint8_t* ip = code;
   uint8_t* current_input = input;
+  uint8_t* next_input;
   uint8_t mask;
   uint8_t value;
 
   int i;
   int matches;
-  int offset;
   int stop;
   int increment;
 
@@ -214,13 +217,22 @@ int _yr_scan_fast_hex_re_exec(
         case RE_OPCODE_PUSH:
           for (i = *(uint16_t*)(ip + 1); i > 0; i--)
           {
-            offset = flags & RE_FLAGS_BACKWARDS ? -i : i;
-            code_stack[sp] = ip + 11;
-            input_stack[sp] = current_input + offset;
-            matches_stack[sp] = matches + i;
-            sp++;
+            if (flags & RE_FLAGS_BACKWARDS)
+              next_input = current_input - i;
+            else
+              next_input = current_input + i;
+
+            if ( *(ip + 11) != RE_OPCODE_LITERAL ||
+                (*(ip + 11) == RE_OPCODE_LITERAL &&
+                 *(ip + 12) == *next_input))
+            {
+              assert(sp < MAX_FAST_HEX_RE_STACK);
+              code_stack[sp] = ip + 11;
+              input_stack[sp] = next_input;
+              matches_stack[sp] = matches + i;
+              sp++;
+            }
           }
-
           ip += 11;
           break;
 
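Review bot: The new look-ahead in the RE_OPCODE_PUSH loop dereferences `*next_input` with no visible check that `current_input - i` or `current_input + i` still lies inside the scanned buffer, so a jump near either end of the input may read out of bounds on data the scanner does not control. The comparison `*(ip + 12) == *next_input` should run only after `next_input` has been tested against the buffer limits passed to the function (its size parameter is outside this hunk), and the push should be skipped otherwise. The guard `assert(sp < MAX_FAST_HEX_RE_STACK);` is compiled out under NDEBUG, which leaves the writes to `code_stack`, `input_stack` and `matches_stack` unbounded in release builds; a runtime test such as `if (sp >= MAX_FAST_HEX_RE_STACK)` followed by the function's error return would hold in every build. The condition itself can be shortened to `*(ip + 11) != RE_OPCODE_LITERAL || *(ip + 12) == *next_input`, since the second `==` test is implied. The function body starts before and continues after this hunk, so any check done when entries are popped is not visible here.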

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


