From 39d0a152a3fc330984c14ca9885c76e9ef07ad7e Mon Sep 17 00:00:00 2001 From: Steven Morgan Date: Wed, 25 Feb 2015 14:52:33 -0500 Subject: [PATCH] Use YARA arena for rule memory. --- libclamav/readdb.c | 11 ++++------- libclamav/yara_clam.h | 1 + libclamav/yara_parser.c | 12 ++++-------- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/libclamav/readdb.c b/libclamav/readdb.c index 19887e08f..44edc629d 100644 --- a/libclamav/readdb.c +++ b/libclamav/readdb.c @@ -2985,11 +2985,6 @@ static char *parse_yara_hex_string(YR_STRING *string, int *ret) return res; } -static inline void free_yararule(YR_RULE *rule) -{ - free(rule); -} - struct cli_ytable_entry { char *offset; char *hexstr; @@ -3550,6 +3545,8 @@ static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo, rc = yr_hash_table_create(10007, &compiler.objects_table); if (rc == ERROR_SUCCESS) rc = yr_arena_create(65536, 0, &compiler.sz_arena); + if (rc == ERROR_SUCCESS) + rc = yr_arena_create(65536, 0, &compiler.rules_arena); if (rc == ERROR_SUCCESS) rc = yr_arena_create(65536, 0, &compiler.code_arena); if (rc == ERROR_SUCCESS) @@ -3570,6 +3567,7 @@ static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo, yr_hash_table_destroy(compiler.rules_table, NULL); yr_hash_table_destroy(compiler.objects_table, NULL); yr_arena_destroy(compiler.sz_arena); + yr_arena_destroy(compiler.rules_arena); yr_arena_destroy(compiler.code_arena); yr_arena_destroy(compiler.strings_arena); yr_arena_destroy(compiler.metas_arena); @@ -3589,16 +3587,15 @@ static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo, if (rc != CL_SUCCESS) { cli_warnmsg("cli_loadyara: problem parsing yara file %s, yara rule %s\n", dbname, rule->identifier); #ifdef YARA_FINISHED - free_yararule(rule); break; #endif } - free_yararule(rule); } yr_hash_table_destroy(compiler.rules_table, NULL); yr_hash_table_destroy(compiler.objects_table, NULL); yr_arena_destroy(compiler.sz_arena); + yr_arena_destroy(compiler.rules_arena); yr_arena_destroy(compiler.code_arena); yr_arena_destroy(compiler.strings_arena); yr_arena_destroy(compiler.metas_arena); diff --git a/libclamav/yara_clam.h b/libclamav/yara_clam.h index e00e3734b..6c8f18605 100644 --- a/libclamav/yara_clam.h +++ b/libclamav/yara_clam.h @@ -519,6 +519,7 @@ typedef struct _yc_compiler { int last_result; YR_ARENA* sz_arena; + YR_ARENA* rules_arena; YR_ARENA* strings_arena; YR_ARENA* code_arena; YR_ARENA* metas_arena; diff --git a/libclamav/yara_parser.c b/libclamav/yara_parser.c index 37e639767..0f658073a 100644 --- a/libclamav/yara_parser.c +++ b/libclamav/yara_parser.c @@ -654,7 +654,6 @@ YR_STRING* yr_parser_reduce_string_declaration( } #endif - // string = cli_calloc(1, sizeof(struct _yc_string)); if (string == NULL) { cli_errmsg("yara_parser: no mem for struct _yc_string.\n"); compiler->last_result = CL_EMEM; @@ -748,19 +747,17 @@ int yr_parser_reduce_rule_declaration( if (compiler->last_result != ERROR_SUCCESS) return compiler->last_result; -#if REAL_YARA FAIL_ON_COMPILER_ERROR(yr_arena_allocate_struct( compiler->rules_arena, sizeof(YR_RULE), (void**) &rule, offsetof(YR_RULE, identifier), - offsetof(YR_RULE, tags), + // offsetof(YR_RULE, tags), ClamAV - later offsetof(YR_RULE, strings), - offsetof(YR_RULE, metas), - offsetof(YR_RULE, ns), + // offsetof(YR_RULE, metas), ClamAV - later + // offsetof(YR_RULE, ns), ClamAV - later EOL)); -#else - rule = cli_calloc(1, sizeof(struct _yc_rule)); + if (rule == NULL) { cli_errmsg("yara_parser: no mem for struct _yc_rule.\n"); return CL_EMEM; @@ -768,7 +765,6 @@ int yr_parser_reduce_rule_declaration( STAILQ_INIT(&rule->strings); STAILQ_CONCAT(&rule->strings, &compiler->current_rule_string_q); STAILQ_INIT(&compiler->current_rule_string_q); -#endif rule->g_flags = flags | compiler->current_rule_flags; #if REAL_YARA