Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Defining variables twice leads to undefined/undesired behavior #908

Closed
hillu opened this issue Jul 10, 2018 · 0 comments
Closed

Defining variables twice leads to undefined/undesired behavior #908

hillu opened this issue Jul 10, 2018 · 0 comments

Comments

@hillu
Copy link
Contributor

hillu commented Jul 10, 2018

The following program is a C reimplementation of what was reported as hillu/go-yara#25. Removing the second call of yr_compiler_define_string_variable() restores expected behavior.

#include <yara.h>
#include <stdio.h>
void errcheck(int code) {
  if (code == 0) {
    puts("ok");
  } else {
    printf("error %d\n", code);
  }
}

int scan_callback(int message, void* message_data, void* user_data) {
  switch(message) {
  case CALLBACK_MSG_RULE_MATCHING:
    printf("match %s\n", ((YR_RULE*)message_data)->identifier);
    break;
  case CALLBACK_MSG_RULE_NOT_MATCHING:
    printf("not matching %s\n", ((YR_RULE*)message_data)->identifier);
    break;
  }
}

int main(int argc, char **argv) {
  YR_COMPILER *c;
  yr_initialize();
  errcheck(yr_compiler_create(&c));
  errcheck(yr_compiler_define_string_variable(c, "category", ""));
  errcheck(yr_compiler_define_string_variable(c, "category", ""));
  errcheck(yr_compiler_add_string(c, "rule category_is_empty { condition: category == \"\" }", "default"));
  errcheck(yr_compiler_add_string(c, "rule category_is_not_empty { condition: category != \"\" }", "default"));
  YR_RULES *r;
  errcheck(yr_compiler_get_rules(c, &r));
  errcheck(yr_rules_define_string_variable(r, "category", "http"));
  errcheck(yr_rules_scan_mem(r, "", 0, 0, scan_callback, NULL, 0));
}
plusvic added a commit that referenced this issue Jul 10, 2018
Calling yr_compiler_define_xxx_variable twice with the same identifier now produces ERROR_DUPLICATED_EXTERNAL_VARIABLE.
tarterp pushed a commit to mandiant/yara that referenced this issue Mar 31, 2022
Calling yr_compiler_define_xxx_variable twice with the same identifier now produces ERROR_DUPLICATED_EXTERNAL_VARIABLE.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant