Use YARA arena for rule memory.

10 years ago · 39d0a152a3
parent 4a05ba58f8
commit 39d0a152a3
3 changed files with 9 additions and 15 deletions
--- a/libclamav/readdb.c
+++ b/libclamav/readdb.c
@ -2985,11 +2985,6 @@ static char *parse_yara_hex_string(YR_STRING *string, int *ret)
    return res;
 }

-static inline void free_yararule(YR_RULE *rule)
-{
-    free(rule);
-}
-
 struct cli_ytable_entry {
    char *offset;
    char *hexstr;
@ -3550,6 +3545,8 @@ static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo,
        rc = yr_hash_table_create(10007, &compiler.objects_table);
    if (rc == ERROR_SUCCESS)
        rc = yr_arena_create(65536, 0, &compiler.sz_arena);
+    if (rc == ERROR_SUCCESS)
+        rc = yr_arena_create(65536, 0, &compiler.rules_arena);
    if (rc == ERROR_SUCCESS)
        rc = yr_arena_create(65536, 0, &compiler.code_arena);
    if (rc == ERROR_SUCCESS)
@ -3570,6 +3567,7 @@ static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo,
        yr_hash_table_destroy(compiler.rules_table, NULL);
        yr_hash_table_destroy(compiler.objects_table, NULL);
        yr_arena_destroy(compiler.sz_arena);
+        yr_arena_destroy(compiler.rules_arena);
        yr_arena_destroy(compiler.code_arena);
        yr_arena_destroy(compiler.strings_arena);
        yr_arena_destroy(compiler.metas_arena);
@ -3589,16 +3587,15 @@ static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo,
        if (rc != CL_SUCCESS) {
            cli_warnmsg("cli_loadyara: problem parsing yara file %s, yara rule %s\n", dbname, rule->identifier);
 #ifdef YARA_FINISHED
-            free_yararule(rule);
            break;
 #endif
        }
-        free_yararule(rule);
    }

    yr_hash_table_destroy(compiler.rules_table, NULL);
    yr_hash_table_destroy(compiler.objects_table, NULL);
    yr_arena_destroy(compiler.sz_arena);
+    yr_arena_destroy(compiler.rules_arena);
    yr_arena_destroy(compiler.code_arena);
    yr_arena_destroy(compiler.strings_arena);
    yr_arena_destroy(compiler.metas_arena);
--- a/libclamav/yara_clam.h
+++ b/libclamav/yara_clam.h
@ -519,6 +519,7 @@ typedef struct _yc_compiler {
    int                 last_result;

    YR_ARENA*           sz_arena;
+    YR_ARENA*           rules_arena;
    YR_ARENA*           strings_arena;
    YR_ARENA*           code_arena;
    YR_ARENA*           metas_arena;
--- a/libclamav/yara_parser.c
+++ b/libclamav/yara_parser.c
@ -654,7 +654,6 @@ YR_STRING* yr_parser_reduce_string_declaration(
  }
 #endif

-    //  string = cli_calloc(1, sizeof(struct _yc_string));
  if (string == NULL) {
      cli_errmsg("yara_parser: no mem for struct _yc_string.\n");
      compiler->last_result = CL_EMEM;
@ -748,19 +747,17 @@ int yr_parser_reduce_rule_declaration(
  if (compiler->last_result != ERROR_SUCCESS)
    return compiler->last_result;

-#if REAL_YARA
  FAIL_ON_COMPILER_ERROR(yr_arena_allocate_struct(
      compiler->rules_arena,
      sizeof(YR_RULE),
      (void**) &rule,
      offsetof(YR_RULE, identifier),
-      offsetof(YR_RULE, tags),
+      //      offsetof(YR_RULE, tags), ClamAV - later
      offsetof(YR_RULE, strings),
-      offsetof(YR_RULE, metas),
-      offsetof(YR_RULE, ns),
+      //      offsetof(YR_RULE, metas), ClamAV - later
+      //      offsetof(YR_RULE, ns), ClamAV - later
      EOL));
-#else
-  rule = cli_calloc(1, sizeof(struct _yc_rule));
+
  if (rule == NULL) {
      cli_errmsg("yara_parser: no mem for struct _yc_rule.\n");
      return CL_EMEM;
@ -768,7 +765,6 @@ int yr_parser_reduce_rule_declaration(
  STAILQ_INIT(&rule->strings);
  STAILQ_CONCAT(&rule->strings, &compiler->current_rule_string_q);
  STAILQ_INIT(&compiler->current_rule_string_q);
-#endif

  rule->g_flags = flags | compiler->current_rule_flags;
 #if REAL_YARA