@@ -15,13 +15,10 @@

 struct mscab_compressor *

   mspack_create_cab_compressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_cab_compressor(struct mscab_compressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -15,13 +15,10 @@

 struct mschm_compressor *

   mspack_create_chm_compressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_chm_compressor(struct mschm_compressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -1371,22 +1371,16 @@ static int chmd_error(struct mschm_decompressor *base) {

  * are accepted, offsets beyond that cause an error message.

  */

 static int read_off64(off_t *var, unsigned char *mem,

-                      struct mspack_system *sys, struct mspack_file *fh)

+		      struct mspack_system *sys, struct mspack_file *fh)

 {

-  (void) sys;

-

 #ifdef LARGEFILE_SUPPORT

-  (void) fh;

-

-  *var = EndGetI64(mem);

+    *var = EndGetI64(mem);

 #else

-  *var = EndGetI32(mem);

-

-  if ((*var & 0x80000000) || EndGetI32(mem + 4))

-  {

-    sys->message(fh, (char *)largefile_msg);

-    return 1;

-  }

+    *var = EndGetI32(mem);

+    if ((*var & 0x80000000) || EndGetI32(mem+4)) {

+	sys->message(fh, (char *)largefile_msg);

+	return 1;

+    }

 #endif

-  return 0;

+    return 0;

 }

@@ -15,13 +15,10 @@

 struct mshlp_compressor *

   mspack_create_hlp_compressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_hlp_compressor(struct mshlp_compressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -15,13 +15,10 @@

 struct mshlp_decompressor *

   mspack_create_hlp_decompressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_hlp_decompressor(struct mshlp_decompressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -15,13 +15,10 @@

 struct mskwaj_compressor *

   mspack_create_kwaj_compressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_kwaj_compressor(struct mskwaj_compressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -15,13 +15,10 @@

 struct mslit_compressor *

   mspack_create_lit_compressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_lit_compressor(struct mslit_compressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -15,13 +15,10 @@

 struct mslit_decompressor *

   mspack_create_lit_decompressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_lit_decompressor(struct mslit_decompressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -15,13 +15,10 @@

 struct msoab_compressor *

   mspack_create_oab_compressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_oab_compressor(struct msoab_compressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -118,8 +118,6 @@ static struct mspack_file *msp_open(struct mspack_system *self,

   struct mspack_file_p *fh;

   const char *fmode;

-  (void) self;

-

   switch (mode) {

   case MSPACK_SYS_OPEN_READ:   fmode = "rb";  break;

   case MSPACK_SYS_OPEN_WRITE:  fmode = "wb";  break;

@@ -203,12 +201,10 @@ static void *msp_alloc(struct mspack_system *self, size_t bytes) {

 #ifdef DEBUG

   /* make uninitialised data obvious */

   char *buf = malloc(bytes + 8);

-  (void) self;

   if (buf) memset(buf, 0xDC, bytes);

   *((size_t *)buf) = bytes;

   return &buf[8];

 #else

-  (void) self;

   return malloc(bytes);

 #endif

 }

@@ -15,13 +15,10 @@

 struct msszdd_compressor *

   mspack_create_szdd_compressor(struct mspack_system *sys)

 {

-  (void) sys;

   /* todo */

   return NULL;

 }

 void mspack_destroy_szdd_compressor(struct msszdd_compressor *self) {

-  (void) self;

   /* todo */

-  return;

 }

@@ -307,6 +307,7 @@ static int cli_ac_addpatt_recursive(struct cli_matcher *root, struct cli_ac_patt

 int cli_ac_addpatt(struct cli_matcher *root, struct cli_ac_patt *pattern)

 {

+    struct cli_ac_node *pt;

     struct cli_ac_patt **newtable;

     uint16_t len = MIN(root->ac_maxdepth, pattern->length[0]);

     uint8_t i;

@@ -1274,7 +1275,7 @@ int cli_ac_initdata(struct cli_ac_data *data, uint32_t partsigs, uint32_t lsigs,

     data->partsigs = partsigs;

     if(partsigs) {

-        data->offmatrix = (uint32_t ***) cli_calloc(partsigs, sizeof(uint32_t **));

+        data->offmatrix = (int32_t ***) cli_calloc(partsigs, sizeof(int32_t **));

         if(!data->offmatrix) {

             cli_errmsg("cli_ac_init: Can't allocate memory for data->offmatrix\n");

@@ -1528,6 +1529,7 @@ int lsig_sub_matched(const struct cli_matcher *root, struct cli_ac_data *mdata,

     }

     if (ac_lsig->type & CLI_YARA_OFFSET && realoff != CLI_OFF_NONE) {

+        uint32_t * offs;

         struct cli_subsig_matches * ss_matches;

         struct cli_lsig_matches * ls_matches;

         cli_dbgmsg("lsig_sub_matched lsig %u:%u at %u\n", lsigid1, lsigid2, realoff);

@@ -1622,19 +1624,7 @@ int cli_ac_chkmacro(struct cli_matcher *root, struct cli_ac_data *data, unsigned

 }

-int cli_ac_scanbuff(

-    const unsigned char *buffer, 

-    uint32_t length, 

-    const char **virname, 

-    void **customdata, 

-    struct cli_ac_result **res, 

-    const struct cli_matcher *root, 

-    struct cli_ac_data *mdata, 

-    uint32_t offset, 

-    cli_file_t ftype, 

-    struct cli_matched_type **ftoffset, 

-    unsigned int mode, 

-    cli_ctx *ctx)

+int cli_ac_scanbuff(const unsigned char *buffer, uint32_t length, const char **virname, void **customdata, struct cli_ac_result **res, const struct cli_matcher *root, struct cli_ac_data *mdata, uint32_t offset, cli_file_t ftype, struct cli_matched_type **ftoffset, unsigned int mode, cli_ctx *ctx)

 {

     struct cli_ac_node *current;

     struct cli_ac_list *pattN, *ptN;

@@ -1642,7 +1632,7 @@ int cli_ac_scanbuff(

     uint32_t i, bp, exptoff[2], realoff, matchstart, matchend;

     uint16_t j;

     uint8_t found, viruses_found = 0;

-    uint32_t **offmatrix, swp;

+    int32_t **offmatrix, swp;

     int type = CL_CLEAN;

     struct cli_ac_result *newres;

     int rc;

@@ -1751,14 +1741,14 @@ int cli_ac_scanbuff(

                                     return CL_EMEM;

                                 }

-                                mdata->offmatrix[pt->sigid - 1][0] = cli_malloc(pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(uint32_t));

+                                mdata->offmatrix[pt->sigid - 1][0] = cli_malloc(pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(int32_t));

                                 if(!mdata->offmatrix[pt->sigid - 1][0]) {

                                     cli_errmsg("cli_ac_scanbuff: Can't allocate memory for mdata->offmatrix[%u][0]\n", pt->sigid - 1);

                                     free(mdata->offmatrix[pt->sigid - 1]);

                                     mdata->offmatrix[pt->sigid - 1] = NULL;

                                     return CL_EMEM;

                                 }

-                                memset(mdata->offmatrix[pt->sigid - 1][0], (uint32_t)-1, pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(uint32_t));

+                                memset(mdata->offmatrix[pt->sigid - 1][0], -1, pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(int32_t));

                                 mdata->offmatrix[pt->sigid - 1][0][0] = 0;

                                 for(j = 1; j < pt->parts; j++) {

                                     mdata->offmatrix[pt->sigid - 1][j] = mdata->offmatrix[pt->sigid - 1][0] + j * (CLI_DEFAULT_AC_TRACKLEN + 2);

@@ -1769,7 +1759,7 @@ int cli_ac_scanbuff(

                             found = 0;

                             if(pt->partno != 1) {

-                                for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[pt->partno - 2][j] != (uint32_t)-1; j++) {

+                                for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[pt->partno - 2][j] != -1; j++) {

                                     found = j;

                                     if(realoff < offmatrix[pt->partno - 2][j])

                                         found = 0;

@@ -1820,12 +1810,12 @@ int cli_ac_scanbuff(

                                             /* FIXME: the first offset in the array is most likely the correct one but

                                              * it may happen it is not

                                              */

-                                            for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[0][j] != (uint32_t)-1; j++)

+                                            for(j = 1; j <= CLI_DEFAULT_AC_TRACKLEN + 1 && offmatrix[0][j] != -1; j++)

                                                 if(ac_addtype(ftoffset, type, offmatrix[pt->parts - 1][j], ctx))

                                                     return CL_EMEM;

                                         }

-                                        memset(offmatrix[0], (uint32_t)-1, pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(uint32_t));

+                                        memset(offmatrix[0], -1, pt->parts * (CLI_DEFAULT_AC_TRACKLEN + 2) * sizeof(int32_t));

                                         for(j = 0; j < pt->parts; j++)

                                             offmatrix[j][0] = 0;

                                     }

@@ -1848,7 +1838,7 @@ int cli_ac_scanbuff(

                                         newres->virname = pt->virname;

                                         newres->customdata = pt->customdata;

                                         newres->next = *res;

-                                        newres->offset = (off_t)offmatrix[pt->parts - 1][1];

+                                        newres->offset = offmatrix[pt->parts - 1][1];

                                         *res = newres;

                                         ptN = ptN->next_same;

@@ -1902,7 +1892,7 @@ int cli_ac_scanbuff(

                                     }

                                     newres->virname = pt->virname;

                                     newres->customdata = pt->customdata;

-                                    newres->offset = (off_t)realoff;

+                                    newres->offset = realoff;

                                     newres->next = *res;

                                     *res = newres;

@@ -1956,8 +1946,7 @@ static int qcompare_fstr(const void *arg, const void *a, const void *b)

 /* returns if level of nesting, end set to MATCHING paren, start AFTER staring paren */

 inline static int find_paren_end(char *hexstr, char **end)

 {

-    unsigned long i;

-    int nest = 0, level = 0;

+    int i, nest = 0, level = 0;

     *end = NULL;

     for (i = 0; i < strlen(hexstr); i++) {

@@ -1981,8 +1970,7 @@ inline static int find_paren_end(char *hexstr, char **end)

  * counts applied to start of expr (not end, i.e. numexpr starts at 1 for the first expr     */

 inline static int ac_analyze_expr(char *hexstr, int *fixed_len, int *sub_len)

 {

-    unsigned long i;

-    int level = 0, len = 0, numexpr = 1;

+    int i, level = 0, len = 0, numexpr = 1;

     int flen, slen;

     flen = 1;

@@ -2038,7 +2026,7 @@ inline static int ac_analyze_expr(char *hexstr, int *fixed_len, int *sub_len)

 inline static int ac_uicmp(uint16_t *a, size_t alen, uint16_t *b, size_t blen, int *wild)

 {

-    uint16_t awild, bwild, side_wild;

+    uint16_t cmp, awild, bwild, side_wild;

     size_t i, minlen = MIN(alen, blen);

     side_wild = 0;

@@ -2416,7 +2404,7 @@ int cli_ac_addsig(struct cli_matcher *root, const char *virname, const char *hex

     char *pt, *pt2, *hex = NULL, *hexcpy = NULL;

     uint16_t i, j, ppos = 0, pend, *dec, nzpos = 0;

     uint8_t wprefix = 0, zprefix = 1, plen = 0, nzplen = 0;

-    struct cli_ac_special *newspecial, **newtable;

+    struct cli_ac_special *newspecial, *specialpt, **newtable;

     int ret, error = CL_SUCCESS;

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

  *  Copyright (C) 2007-2009 Sourcefire, Inc.

  *

  *  Authors: Tomasz Kojm

@@ -57,7 +57,7 @@ struct cli_lsig_matches {

 };

 struct cli_ac_data {

-    uint32_t ***offmatrix;

+    int32_t ***offmatrix;

     uint32_t partsigs, lsigs, reloffsigs;

     uint32_t **lsigcnt;

     uint32_t **lsigsuboff_last, **lsigsuboff_first;

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

  *  Copyright (C) 2007-2013 Sourcefire, Inc.

  *  All Rights Reserved.

  *

@@ -802,11 +802,8 @@ static int yara_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_data

 {

     struct cli_ac_lsig *ac_lsig = root->ac_lsigtable[lsid];

     int rc;

-    YR_SCAN_CONTEXT context;

-

-    (void)hash;

+    YR_SCAN_CONTEXT context = {0};

-    memset(&context, 0, sizeof(YR_SCAN_CONTEXT));

     context.fmap = *ctx->fmap;

     context.file_size = (*ctx->fmap)->len;

     if (target_info != NULL) {

@@ -855,9 +852,9 @@ int cli_exp_eval(cli_ctx *ctx, struct cli_matcher *root, struct cli_ac_data *acd

 int cli_fmap_scandesc(cli_ctx *ctx, cli_file_t ftype, uint8_t ftonly, struct cli_matched_type **ftoffset, unsigned int acmode, struct cli_ac_result **acres, unsigned char *refhash)

 {

     const unsigned char *buff;

-    int ret = CL_CLEAN, type = CL_CLEAN, compute_hash[CLI_HASH_AVAIL_TYPES];

+    int ret = CL_CLEAN, type = CL_CLEAN, bytes, compute_hash[CLI_HASH_AVAIL_TYPES];

     unsigned int i = 0, j = 0, bm_offmode = 0;

-    uint32_t maxpatlen, bytes, offset = 0;

+    uint32_t maxpatlen, offset = 0;

     struct cli_ac_data gdata, tdata;

     struct cli_bm_off toff;

     struct cli_pcre_off gpoff, tpoff;

@@ -1268,17 +1265,16 @@ int cli_matchmeta(cli_ctx *ctx, const char *fname, size_t fsizec, size_t fsizer,

 	if(cdb->res1 && (cdb->ctype == CL_TYPE_ZIP || cdb->ctype == CL_TYPE_RAR) && cdb->res1 != res1)

 	    continue;

-    #define CDBRANGE(field, val)                                              \

-        if (field[0] != CLI_OFF_ANY)                                          \

-        {                                                                     \

-            if (field[0] == field[1] && field[0] != val)                      \

-                continue;                                                     \

-            else if (field[0] != field[1] && ((field[0] && field[0] > val) || \

-                                            (field[1] && field[1] < val)))    \

-                continue;                                                     \

-        }

+#define CDBRANGE(field, val)						    \

+	if(field[0] != CLI_OFF_ANY) {					    \

+	    if(field[0] == field[1] && field[0] != val)			    \

+		continue;						    \

+	    else if(field[0] != field[1] && ((field[0] && field[0] > val) ||\

+	      (field[1] && field[1] < val)))				    \

+		continue;						    \

+	}

-    CDBRANGE(cdb->csize, cli_get_container_size(ctx, -1));

+	CDBRANGE(cdb->csize, cli_get_container_size(ctx, -1));

 	CDBRANGE(cdb->fsizec, fsizec);

 	CDBRANGE(cdb->fsizer, fsizer);

 	CDBRANGE(cdb->filepos, filepos);

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

  *  Copyright (C) 2007-2013 Sourcefire, Inc.

  *

  *  Authors: Tomasz Kojm

@@ -143,18 +143,18 @@ struct cli_matcher {

 struct cli_cdb

 {

-    char	        *virname;   /* virus name */

-    cli_file_t	    ctype;	    /* container type */

-    regex_t	        name;	    /* filename regex */

-    size_t	        csize[2];   /* container size (min, max); if csize[0] != csize[1]

-			                     * then value of 0 makes the field ignored

-			                     */

-    size_t	        fsizec[2];  /* file size in container */

-    size_t	        fsizer[2];  /* real file size */

-    int		        encrypted;  /* file is encrypted; 2 == ignore */

-    unsigned int    filepos[2]; /* file position in container */

-    int		        res1;	    /* reserved / format specific */

-    void	        *res2;	    /* reserved / format specific */

+    char	*virname;   /* virus name */

+    cli_file_t	ctype;	    /* container type */

+    regex_t	name;	    /* filename regex */

+    size_t	csize[2];   /* container size (min, max); if csize[0] != csize[1]

+			     * then value of 0 makes the field ignored

+			     */

+    size_t	fsizec[2];  /* file size in container */

+    size_t	fsizer[2];  /* real file size */

+    int		encrypted;  /* file is encrypted; 2 == ignore */

+    int		filepos[2]; /* file position in container */

+    int		res1;	    /* reserved / format specific */

+    void	*res2;	    /* reserved / format specific */

     struct cli_cdb *next;

 };

@@ -1,5 +1,5 @@

 /*

- *  Copyright (C) 2015, 2017 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

+ *  Copyright (C) 2015 Cisco Systems, Inc. and/or its affiliates. All rights reserved.

  *  Copyright (C) 2007-2010 Sourcefire, Inc.

  *

  *  Authors: Tomasz Kojm, Trog

@@ -1171,37 +1171,35 @@ void cli_set_container(cli_ctx *ctx, cli_file_t type, size_t size)

 cli_file_t cli_get_container(cli_ctx *ctx, int index)

 {

-	if (index < 0)

-		index = ctx->recursion + index + 1;

-	while (index >= 0 && index <= (int)ctx->recursion)

-	{

-		if (ctx->containers[index].flag & CONTAINER_FLAG_VALID)

-			return ctx->containers[index].type;

-		index--;

-	}

-	return CL_TYPE_ANY;

+    if (index < 0)

+	index = ctx->recursion + index + 1;

+    while (index >= 0 && index <= ctx->recursion) {

+        if (ctx->containers[index].flag & CONTAINER_FLAG_VALID)

+            return ctx->containers[index].type;

+        index--;

+    }

+    return CL_TYPE_ANY;

 }

 cli_file_t cli_get_container_intermediate(cli_ctx *ctx, int index)

 {

-	if (index < 0)

-		index = ctx->recursion + index + 1;

-	if (index >= 0 && index <= (int)ctx->recursion)

-		return ctx->containers[index].type;

-	return CL_TYPE_ANY;

+   if (index < 0)

+	index = ctx->recursion + index + 1;

+    if (index >= 0 && index <= ctx->recursion)

+	return ctx->containers[index].type;

+    return CL_TYPE_ANY;

 }

 size_t cli_get_container_size(cli_ctx *ctx, int index)

 {

-	if (index < 0)

-		index = ctx->recursion + index + 1;

-	while (index >= 0 && index <= (int)ctx->recursion)

-	{

-		if (ctx->containers[index].flag & CONTAINER_FLAG_VALID)

-			return ctx->containers[index].size;

-		index--;

-	}

-	return ctx->containers[0].size;

+    if (index < 0)

+	index = ctx->recursion + index + 1;

+    while (index >= 0 && index <= ctx->recursion) {

+        if (ctx->containers[index].flag & CONTAINER_FLAG_VALID)

+            return ctx->containers[index].size;

+        index--;

+    }

+    return ctx->containers[0].size;

 }

@@ -126,8 +126,7 @@ char *cli_virname(const char *virname, unsigned int official)

 int cli_sigopts_handler(struct cli_matcher *root, const char *virname, const char *hexsig, uint8_t sigopts, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options)

 {

     char *hexcpy, *start, *end;

-    unsigned int i;

-    int ret = CL_SUCCESS;

+    int i, ret = CL_SUCCESS;

     /*

      * cyclic loops with cli_parse_add are impossible now as cli_parse_add 

@@ -304,6 +303,7 @@ int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hex

     int ret, asterisk = 0, range;

     unsigned int i, j, hexlen, nest, parts = 0;

     int mindist = 0, maxdist = 0, error = 0;

+    size_t hexcpysz;

     hexlen = strlen(hexsig);

     if (hexsig[0] == '$') {

@@ -1820,7 +1820,7 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig

             sigopts = subtokens[3];

         if(sigopts) { /* signature modifiers */

-            for(j = 0; j < (int)strlen(sigopts); j++)

+            for(j = 0; j < strlen(sigopts); j++)

                 switch(sigopts[j]) {

                 case 'i':

                     subsig_opts |= ACPATT_OPTION_NOCASE;

@@ -2687,7 +2687,7 @@ static int cli_loadmd(FILE *fs, struct cl_engine *engine, unsigned int *signo, i

 	/* tokens[6] - not used */

-	new->filepos[0] = new->filepos[1] = strcmp(tokens[7], "*") ? (unsigned int) atoi(tokens[7]) : (unsigned int) CLI_OFF_ANY;

+	new->filepos[0] = new->filepos[1] = strcmp(tokens[7], "*") ? atoi(tokens[7]) : (int) CLI_OFF_ANY;

 	/* tokens[8] - not used */

@@ -2812,46 +2812,36 @@ static int cli_loadcdb(FILE *fs, struct cl_engine *engine, unsigned int *signo,

 	    break;

 	}

-    #define CDBRANGE(token_str, dest)                                             \

-        if (strcmp(token_str, "*"))                                               \

-        {                                                                         \

-            if (strchr(token_str, '-'))                                           \

-            {                                                                     \

-                if (sscanf(token_str, "%u-%u", &n0, &n1) != 2)                    \

-                {                                                                 \

-                    ret = CL_EMALFDB;                                             \

-                }                                                                 \

-                else                                                              \

-                {                                                                 \

-                    dest[0] = n0;                                                 \

-                    dest[1] = n1;                                                 \

-                }                                                                 \

-            }                                                                     \

-            else                                                                  \

-            {                                                                     \

-                if (!cli_isnumber(token_str))                                     \

-                    ret = CL_EMALFDB;                                             \

-                else                                                              \

-                    dest[0] = dest[1] = (unsigned int)atoi(token_str);            \

-            }                                                                     \

-            if (ret != CL_SUCCESS)                                                \

-            {                                                                     \

-                cli_errmsg("cli_loadcdb: Invalid value %s in signature for %s\n", \

-                        token_str, tokens[0]);                                    \

-                if (new->name.re_magic)                                           \

-                    cli_regfree(&new->name);                                      \

-                mpool_free(engine->mempool, new->virname);                        \

-                mpool_free(engine->mempool, new);                                 \

-                ret = CL_EMEM;                                                    \

-                break;                                                            \

-            }                                                                     \

-        }                                                                         \

-        else                                                                      \

-        {                                                                         \

-            dest[0] = dest[1] = CLI_OFF_ANY;                                      \

-        }

+#define CDBRANGE(token_str, dest)					    \

+	if(strcmp(token_str, "*")) {					    \

+	    if(strchr(token_str, '-')) {				    \

+		if(sscanf(token_str, "%u-%u", &n0, &n1) != 2) {		    \

+		    ret = CL_EMALFDB;					    \

+		} else {						    \

+		    dest[0] = n0;					    \

+		    dest[1] = n1;					    \

+		}							    \

+	    } else {							    \

+		if(!cli_isnumber(token_str))				    \

+		    ret = CL_EMALFDB;					    \

+		else							    \

+		    dest[0] = dest[1] = atoi(token_str);		    \

+	    }								    \

+	    if(ret != CL_SUCCESS) {					    \

+		cli_errmsg("cli_loadcdb: Invalid value %s in signature for %s\n",\

+		    token_str, tokens[0]);				    \

+		if(new->name.re_magic)					    \

+		    cli_regfree(&new->name);				    \

+		mpool_free(engine->mempool, new->virname);		    \

+		mpool_free(engine->mempool, new);			    \

+		ret = CL_EMEM;						    \

+		break;							    \

+	    }								    \

+	} else {							    \

+	    dest[0] = dest[1] = CLI_OFF_ANY;				    \

+	}

-    CDBRANGE(tokens[2], new->csize);

+	CDBRANGE(tokens[2], new->csize);

 	CDBRANGE(tokens[4], new->fsizec);

 	CDBRANGE(tokens[5], new->fsizer);

 	CDBRANGE(tokens[7], new->filepos);

@@ -3123,6 +3113,7 @@ static char *parse_yara_hex_string(YR_STRING *string, int *ret)

 {

     char *res, *str, *ovr;

     size_t slen, reslen=0, i, j;

+    int sqr = 0;

     if (!(string) || !(string->string)) {

         if (ret) *ret = CL_ENULLARG;

@@ -3251,7 +3242,6 @@ struct cli_ytable {

 static int32_t ytable_lookup(const char *hexsig)

 {

-    (void) hexsig;

     /* TODO - WRITE ME! */

     return -1;

 }

@@ -3259,6 +3249,7 @@ static int32_t ytable_lookup(const char *hexsig)

 static int ytable_add_attrib(struct cli_ytable *ytable, const char *hexsig, const char *value, int type)

 {

     int32_t lookup;

+    char **attrib;

     if (!ytable || !value)

         return CL_ENULLARG;

@@ -3358,7 +3349,7 @@ static int ytable_add_string(struct cli_ytable *ytable, const char *hexsig)

 static void ytable_delete(struct cli_ytable *ytable)

 {

-    int32_t i;

+    uint32_t i;

     if (!ytable)

         return;

@@ -3413,17 +3404,17 @@ static int load_oneyara(YR_RULE *rule, int chkpua, struct cl_engine *engine, uns

 {

     YR_STRING *string;

     struct cli_ytable ytable;

-    size_t i;

-    int str_error = 0, ret = CL_SUCCESS;

+    int str_error = 0, i = 0, ret = CL_SUCCESS;

     struct cli_lsig_tdb tdb;

     uint32_t lsigid[2];

     struct cli_matcher *root;

     struct cli_ac_lsig **newtable, *lsig, *tsig = NULL;

     unsigned short target = 0;

+    size_t lsize;

     char *logic = NULL, *target_str = NULL;

+    uint8_t has_short_string;

+    char *exp_op = "|";

     char *newident = NULL;

-    /* size_t lsize; */         // only used in commented out code

-    /* char *exp_op = "|"; */   // only used in commented out code

     cli_yaramsg("load_oneyara: attempting to load %s\n", rule->identifier);

@@ -3868,10 +3859,10 @@ static int load_oneyara(YR_RULE *rule, int chkpua, struct cl_engine *engine, uns

     tdb.subsigs = ytable.tbl_cnt;

     /*** loading step - put things into the AC trie ***/

-    for (i = 0; i < (size_t)ytable.tbl_cnt; ++i) {

+    for (i = 0; i < ytable.tbl_cnt; ++i) {

         lsigid[1] = i;

-        cli_yaramsg("%zu: [%s] [%s] [%s%s%s%s]\n", i, ytable.table[i]->hexstr, ytable.table[i]->offset,

+        cli_yaramsg("%d: [%s] [%s] [%s%s%s%s]\n", i, ytable.table[i]->hexstr, ytable.table[i]->offset,

                     (ytable.table[i]->sigopts & ACPATT_OPTION_NOCASE) ? "i" : "",

                     (ytable.table[i]->sigopts & ACPATT_OPTION_FULLWORD) ? "f" : "",

                     (ytable.table[i]->sigopts & ACPATT_OPTION_WIDE) ? "w" : "",

@@ -3981,7 +3972,7 @@ void cli_yara_free(struct cl_engine * engine)

 //TODO - pua? dbio?

 static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio, const char *filename)

 {

-    YR_COMPILER compiler;

+    YR_COMPILER compiler = {0};

     YR_NAMESPACE ns;

     YR_RULE *rule;

     unsigned int sigs = 0, rules = 0, rule_errors = 0;

@@ -3992,8 +3983,6 @@ static int cli_loadyara(FILE *fs, struct cl_engine *engine, unsigned int *signo,

     if((rc = cli_initroots(engine, options)))

         return rc;

-    memset(&compiler, 0, sizeof(YR_COMPILER));

-

     compiler.last_result = ERROR_SUCCESS;

     STAILQ_INIT(&compiler.rule_q);

     STAILQ_INIT(&compiler.current_rule_string_q);

@@ -4106,7 +4095,7 @@ static int cli_loadpwdb(FILE *fs, struct cl_engine *engine, unsigned int options

     char *attribs;

     char buffer[FILEBUFF];

     unsigned int line = 0, skip = 0, pwcnt = 0, tokens_count;

-    struct cli_pwdb *new;

+    struct cli_pwdb *new, *ins;

     cl_pwdb_t container;

     struct cli_lsig_tdb tdb;

     int ret = CL_SUCCESS, pwstype;

@@ -43,7 +43,7 @@

 #ifdef RAR_HIGH_DEBUG

 #define rar_dbgmsg printf

 #else

-static void rar_dbgmsg(const char* fmt,...){(void)fmt;}

+static void rar_dbgmsg(const char* fmt,...){}

 #endif

 static void insert_old_dist(unpack_data_t *unpack_data, unsigned int distance)

@@ -113,16 +113,17 @@ int rar_unp_read_buf(int fd, unpack_data_t *unpack_data)

 	/* Is buffer read pos more than half way? */

 	if (unpack_data->in_addr > MAX_BUF_SIZE/2) {

-		memmove(unpack_data->in_buf, unpack_data->in_buf+unpack_data->in_addr,

-				data_size);

-

+		if (data_size > 0) {

+			memmove(unpack_data->in_buf, unpack_data->in_buf+unpack_data->in_addr,

+					data_size);

+		}

 		unpack_data->in_addr = 0;

 		unpack_data->read_top = data_size;

 	} else {

 		data_size = unpack_data->read_top;

 	}

 	/* RAR2 depends on us only reading upto the end of the current compressed file */

-	if (unpack_data->pack_size < (uint32_t)((MAX_BUF_SIZE-data_size)&~0xf)) {

+	if (unpack_data->pack_size < ((MAX_BUF_SIZE-data_size)&~0xf)) {

 		read_size = unpack_data->pack_size;

 	} else {

 		read_size = (MAX_BUF_SIZE-data_size)&~0xf;

@@ -217,7 +218,7 @@ static void unp_write_buf(unpack_data_t *unpack_data)

 	struct UnpackFilter *flt, *next_filter;

 	struct rarvm_prepared_program *prg, *next_prg;

 	uint8_t *filtered_data;

-	size_t i, j;

+	int i, j;

 	rar_dbgmsg("in unp_write_buf\n");

 	written_border = unpack_data->wr_ptr;

@@ -540,11 +541,9 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 			unsigned char *vmcode, int code_size)

 {

 	rarvm_input_t rarvm_input;

-	unsigned int filter_pos, new_filter, block_start, init_mask, cur_size, data_size;

+	unsigned int filter_pos, new_filter, block_start, init_mask, cur_size;

 	struct UnpackFilter *filter, *stack_filter;

-	size_t i, empty_count, stack_pos;

-	unsigned int vm_codesize;

-	long static_size;

+	int i, empty_count, stack_pos, vm_codesize, static_size, data_size;

 	unsigned char *vm_code, *global_data;

 	rar_dbgmsg("in add_vm_code first_byte=0x%x code_size=%d\n", first_byte, code_size);

@@ -564,7 +563,7 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 		filter_pos = unpack_data->last_filter;

 	}

 	rar_dbgmsg("filter_pos = %u\n", filter_pos);

-	if ((size_t) filter_pos > unpack_data->Filters.num_items ||

+	if (filter_pos > unpack_data->Filters.num_items ||

 			filter_pos > unpack_data->old_filter_lengths_size) {

 		rar_dbgmsg("filter_pos check failed\n");

 		return FALSE;

@@ -654,7 +653,7 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 	}

 	if (new_filter) {

 		vm_codesize = rarvm_read_data(&rarvm_input);

-		if (vm_codesize >= 0x1000 || vm_codesize == 0 || vm_codesize > (unsigned int)rarvm_input.buf_size) {

+		if (vm_codesize >= 0x1000 || vm_codesize == 0 || (vm_codesize > rarvm_input.buf_size) || vm_codesize < 0) {

 			rar_dbgmsg("ERROR: vm_codesize=0x%x buf_size=0x%x\n", vm_codesize, rarvm_input.buf_size);

 			return FALSE;

 		}

@@ -663,11 +662,11 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 		    rar_dbgmsg("unrar: add_vm_code: rar_malloc failed for vm_code\n");

 		    return FALSE;

 		}

-		for (i=0 ; i < (size_t) vm_codesize ; i++) {

+		for (i=0 ; i < vm_codesize ; i++) {

 			vm_code[i] = rarvm_getbits(&rarvm_input) >> 8;

 			rarvm_addbits(&rarvm_input, 8);

 		}

-		if(!rarvm_prepare(&unpack_data->rarvm_data, &rarvm_input, &vm_code[0], (int) vm_codesize, &filter->prg)) {

+		if(!rarvm_prepare(&unpack_data->rarvm_data, &rarvm_input, &vm_code[0], vm_codesize, &filter->prg)) {

 		    rar_dbgmsg("unrar: add_vm_code: rarvm_prepare failed\n");

 		    free(vm_code);

 		    return FALSE;

@@ -715,10 +714,10 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 		if (data_size >= 0x10000) {

 			return FALSE;

 		}

-		cur_size = (unsigned int)stack_filter->prg.global_size;

-		if (cur_size < data_size + VM_FIXEDGLOBALSIZE) {

-			stack_filter->prg.global_size += (long)data_size + VM_FIXEDGLOBALSIZE - cur_size;

-			stack_filter->prg.global_data = (unsigned char*)rar_realloc2(stack_filter->prg.global_data,

+		cur_size = stack_filter->prg.global_size;

+		if (cur_size < data_size+VM_FIXEDGLOBALSIZE) {

+			stack_filter->prg.global_size += data_size+VM_FIXEDGLOBALSIZE-cur_size;

+			stack_filter->prg.global_data = rar_realloc2(stack_filter->prg.global_data,

 				stack_filter->prg.global_size);

 			if(!stack_filter->prg.global_data) {

 			    rar_dbgmsg("unrar: add_vm_code: rar_realloc2 failed for stack_filter->prg.global_data\n");

@@ -726,8 +725,8 @@ static int add_vm_code(unpack_data_t *unpack_data, unsigned int first_byte,

 			}

 		}

 		global_data = &stack_filter->prg.global_data[VM_FIXEDGLOBALSIZE];

-		for (i=0 ; i < (size_t)data_size ; i++) {

-			if (rarvm_input.in_addr + 2 > rarvm_input.buf_size) {

+		for (i=0 ; i< data_size ; i++) {

+			if ((rarvm_input.in_addr+2) > rarvm_input.buf_size) {

 				rar_dbgmsg("Buffer truncated\n");

 				return FALSE;

 			}

@@ -209,7 +209,7 @@ typedef struct unpack_data_tag

 	rar_filter_array_t Filters;

 	rar_filter_array_t PrgStack;

 	int *old_filter_lengths;

-	unsigned int last_filter, old_filter_lengths_size;

+	int last_filter, old_filter_lengths_size;

 	int64_t written_size;

 	int64_t true_size;

 	int64_t max_size;

@@ -119,18 +119,16 @@ static void copy_string15(unpack_data_t *unpack_data, unsigned int distance,

 	}

 }

-static unsigned int decode_num(unpack_data_t *unpack_data, unsigned int num, unsigned int start_pos,

+static unsigned int decode_num(unpack_data_t *unpack_data, int num, unsigned int start_pos,

 			unsigned int *dec_tab, unsigned int *pos_tab)

 {

 	int i;

-	for (num &= 0xfff0, i=0; dec_tab[i] <= num; i++) {

+	for (num&=0xfff0, i=0 ; dec_tab[i] <= num ; i++) {

 		start_pos++;

 	}

-

 	rar_addbits(unpack_data, start_pos);

-	

-	return ( ((int)num - (i ? dec_tab[i-1] : 0)) >> (16 - start_pos) ) + pos_tab[start_pos];

+	return (((num-(i ? dec_tab[i-1]:0)) >> (16-start_pos)) + pos_tab[start_pos]);

 }

 static void huff_decode(unpack_data_t *unpack_data)

@@ -25,7 +25,7 @@

 #ifdef RAR_HIGH_DEBUG

 #define rar_dbgmsg printf

 #else

-static void rar_dbgmsg(const char* fmt,...){(void)fmt;}

+static void rar_dbgmsg(const char* fmt,...){}

 #endif