[Forensics-changes] [yara] 382/415: Improve timeout detection

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:43:26 UTC 2014



bengen pushed a commit to branch debian
in repository yara.

commit 9687e06759e726390ed83d3da0039ca1e7fa1048
Author: Victor M. Alvarez <plusvic at gmail.com>
Date:   Fri Jan 24 12:06:35 2014 +0100

    Improve timeout detection
---
 libyara/exec.c  | 22 ++++++++++++++++++++--
 libyara/exec.h  |  4 +++-
 libyara/rules.c | 11 ++++++-----
 3 files changed, 29 insertions(+), 8 deletions(-)

diff --git a/libyara/exec.c b/libyara/exec.c
index 05c8e6f..a22c93f 100644
--- a/libyara/exec.c
+++ b/libyara/exec.c
@@ -16,6 +16,7 @@ limitations under the License.
 
 #include <string.h>
 #include <assert.h>
+#include <time.h>
 
 #include "exec.h"
 #include "re.h"
@@ -68,7 +69,9 @@ function_read(int32_t)
 
 int yr_execute_code(
     YR_RULES* rules,
-    EVALUATION_CONTEXT* context)
+    EVALUATION_CONTEXT* context,
+    int timeout,
+    time_t start_time)
 {
   int64_t r1;
   int64_t r2;
@@ -88,6 +91,7 @@ int yr_execute_code(
   int count;
   int result;
   int flags;
+  int cycle = 0;
   int tidx = yr_get_tidx();
 
   while(1)
@@ -95,7 +99,8 @@ int yr_execute_code(
     switch(*ip)
     {
       case HALT:
-        // When the halt instruction is reached the stack should be empty.
+        // When the halt instruction is reached the stack
+        // should be empty.
         assert(sp == 0);
         return ERROR_SUCCESS;
 
@@ -545,6 +550,19 @@ int yr_execute_code(
         assert(FALSE);
     }
 
+    if (timeout > 0)  // timeout == 0 means no timeout
+    {
+      // Check for timeout every 10 instruction cycles.
+
+      if (++cycle == 10)
+      {
+        if (difftime(time(NULL), start_time) > timeout)
+          return ERROR_SCAN_TIMEOUT;
+
+        cycle = 0;
+      }
+    }
+
     ip++;
   }
 
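Review bot: The timeout check added after the switch measures elapsed time with `time(NULL)`, a wall clock that can be stepped by NTP or an administrator, so a backward adjustment can silently extend a scan well past its budget and a forward one can abort it early; where the build provides it, `clock_gettime(CLOCK_MONOTONIC, ...)` is the safer base for a scan deadline, with `time()` as the fallback. The comment on `if (timeout > 0)` says `timeout == 0 means no timeout`, but the condition also treats negative values that way; I'd widen it to `// timeout <= 0 means no timeout` or reject negatives at the API boundary. Since `time()` has one-second resolution and the comparison is strict, a `timeout` of 1 can allow almost two seconds of execution, which is worth stating in the parameter documentation. The body of yr_execute_code starts outside this hunk.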
diff --git a/libyara/exec.h b/libyara/exec.h
index 25fcde7..3e3f973 100644
--- a/libyara/exec.h
+++ b/libyara/exec.h
@@ -88,7 +88,9 @@ typedef struct _EVALUATION_CONTEXT
 
 int yr_execute_code(
     YR_RULES* rules,
-    EVALUATION_CONTEXT* context);
+    EVALUATION_CONTEXT* context,
+    int timeout,
+    time_t start_time);
 
 #endif
 
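Review bot: The new `timeout` and `start_time` parameters on the `yr_execute_code` prototype carry no documentation, so a caller reading the header cannot tell what unit `timeout` is in, what `0` means, or that `start_time` is expected to be a `time(NULL)` value taken before the scan began. I'd add a short comment above the declaration, e.g. `/* timeout: max seconds measured from start_time (a time(NULL) value); 0 disables the check. Returns ERROR_SCAN_TIMEOUT when exceeded. */`. The checking cadence (every 10 instructions in exec.c) is an implementation detail the header need not promise.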
diff --git a/libyara/rules.c b/libyara/rules.c
index 0a08a36..b75193f 100644
--- a/libyara/rules.c
+++ b/libyara/rules.c
@@ -1012,7 +1012,6 @@ int yr_rules_scan_mem_block(
   YR_AC_MATCH* ac_match;
   YR_AC_STATE* current_state;
 
-  time_t current_time;
   size_t i;
 
   current_state = rules->automaton->root;
@@ -1053,9 +1052,7 @@ int yr_rules_scan_mem_block(
 
     if (timeout > 0 && i % 256 == 0)
     {
-      current_time = time(NULL);
-
-      if (difftime(current_time, start_time) > timeout)
+      if (difftime(time(NULL), start_time) > timeout)
         return ERROR_SCAN_TIMEOUT;
     }
   }
@@ -1163,7 +1160,11 @@ int yr_rules_scan_mem_blocks(
     block = block->next;
   }
 
-  result = yr_execute_code(rules, &context);
+  result = yr_execute_code(
+      rules,
+      &context,
+      timeout,
+      start_time);
 
   if (result != ERROR_SUCCESS)
     goto _exit;
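Review bot: With this call, `yr_rules_scan_mem_blocks` can now return `ERROR_SCAN_TIMEOUT` from the condition-evaluation phase as well as from the byte-scanning loop, which callers may not expect once every block has already been scanned; the function's documentation (its header is outside this hunk) should say so, since a timeout here leaves whatever partial matches were recorded so far in the context. The existing `goto _exit` path is reused for the new failure, so presumably cleanup is shared; worth confirming that the half-evaluated rule state needs no extra teardown.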
