yara

#1

Link : https://github.com/VirusTotal/yara/commit/cb787cc0c7edd91d245175af439a9190da97228b
Description: Defining variables with the same name as private rules leads to undesired behaviour

At libyara/parser.c

@@ -730,7 +730,7 @@ int yr_parser_reduce_rule_declaration_phase_1(
       yr_hash_table_lookup(
         compiler->objects_table,
         identifier,
+        NULL) != NULL)
-        compiler->current_namespace->name) != NULL)
   {
     // A rule or variable with the same identifier already exists, return the
     // appropriate error.

Tags
#Invalid-condition #Single-line #Modified

#2

Link : https://github.com/VirusTotal/yara/commit/5fcbd4a02c139559ff724ab184ac4d337a0f2380
Description: Whitespace bug in combination with 'wide' & 'nocase' keyword

At libyara/scan.c

@@ -196,9 +196,7 @@ static int _yr_scan_wicompare(
   if (data_size < string_length * 2)
     return 0;
+  while (i < string_length &&
+         yr_lowercase[*s1] == yr_lowercase[*s2] &&
+         *(s1 + 1) == 0x00)
-  while (i < string_length && yr_lowercase[*s1] == yr_lowercase[*s2])
   {
     s1+=2;
     s2++;

Tags
#Invalid-condition #Single-line #Modified

#3

Link : https://github.com/VirusTotal/yara/commit/46a54d2e404622be79db922f8e80176e356ab13d
Description: Hex pattern issue

At libyara/atoms.c

@@ -1072,7 +1072,6 @@ static int _yr_atoms_extract_from_re(
                 best_atom_re_nodes[i] = recent_re_nodes[i + shift];
               }
+              best_atom.length = atom.length;
               best_quality = quality;
             }

Tags
#Omission #Single-line #Added

#4

Link : https://github.com/VirusTotal/yara/commit/6f3e22d2249fbf4a0a3d842a32564c5ab1325b79
Description: Bug in regexp character classes when used with nocase modifier.

At libyara/include/yara/globals.h

@@ -30,14 +30,13 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #ifndef YR_GLOBALS_H
 #define YR_GLOBALS_H
+#include <inttypes.h>
 #include <yara/threading.h>
 // Pre-computed tables for quickly converting a character to lowercase or to
 // its alternative case (uppercase if it is a lowercase and vice versa). This
 // tables are initialized by yr_initialize.
+extern uint8_t yr_lowercase[256];
+extern uint8_t yr_altercase[256];
-extern char yr_lowercase[256];
-extern char yr_altercase[256];
 extern YR_THREAD_STORAGE_KEY yr_tidx_key;
 extern YR_THREAD_STORAGE_KEY yr_recovery_state_key;

At libyara/libyara.c

@@ -72,8 +72,8 @@ static struct yr_config_var
 // Global variables. See globals.h for their descriptions.
+uint8_t yr_lowercase[256];
+uint8_t yr_altercase[256];
-char yr_lowercase[256];
-char yr_altercase[256];
 #if defined(HAVE_LIBCRYPTO) && OPENSSL_VERSION_NUMBER < 0x10100000L

Tags
#Etc #Multi-line #Modified

#5

Link : https://github.com/VirusTotal/yara/commit/bb42569d900985cf37efd1aa275dcea14491edc6
Description: Assertion failed with invalid syntax

At libyara/parser.c

@@ -852,6 +852,8 @@ int yr_parser_reduce_rule_declaration_phase_1(
 {
   YR_FIXUP *fixup;
   YR_COMPILER* compiler = yyget_extra(yyscanner);
-  compiler->current_rule_idx = compiler->next_rule_idx;
-  compiler->next_rule_idx++;
   YR_NAMESPACE* ns = (YR_NAMESPACE*) yr_arena_get_ptr(
       compiler->arena,
@@ -904,8 +906,6 @@ int yr_parser_reduce_rule_declaration_phase_1(
   YR_ARENA_REF jmp_offset_ref;
   // We are starting to parse a new rule, set current_rule_idx accordingly.
+  compiler->current_rule_idx = compiler->next_rule_idx;
+  compiler->next_rule_idx++;
   // The OP_INIT_RULE instruction behaves like a jump. When the rule is disabled
   // it skips over the rule's code and go straight to the next rule's code. The

Tags
#Logical-error #Multi-line #Modified