mirror of
https://github.com/google/leveldb.git
synced 2025-06-07 09:52:42 +08:00
Fix invalid pointer arithmetic in Hash (#1222)
Some checks failed
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (<nil>, <nil>, msvc, false, windows-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (<nil>, <nil>, msvc, true, windows-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (clang, clang++, clang, false, macos-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (clang, clang++, clang, false, ubuntu-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (clang, clang++, clang, true, macos-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (clang, clang++, clang, true, ubuntu-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (gcc, g++, gcc, false, ubuntu-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (gcc, g++, gcc, true, ubuntu-latest) (push) Has been cancelled
Some checks failed
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (<nil>, <nil>, msvc, false, windows-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (<nil>, <nil>, msvc, true, windows-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (clang, clang++, clang, false, macos-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (clang, clang++, clang, false, ubuntu-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (clang, clang++, clang, true, macos-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (clang, clang++, clang, true, ubuntu-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (gcc, g++, gcc, false, ubuntu-latest) (push) Has been cancelled
ci / CI ${{ matrix.os }} ${{ matrix.compiler }} ${{ matrix.optimized && 'release' || 'debug' }} (gcc, g++, gcc, true, ubuntu-latest) (push) Has been cancelled
It is UB to exceed the bounds of the buffer when doing pointer
arithemetic. That means the following is not a valid bounds check:
if (start + 4 <= limit)
Because if we were at the end of the buffer, we wouldn't be
allowed to add 4 anyway. Instead, this must be written as:
if (limit - start >= 4)
Basic forms of this issue are flagged by UBSan. If building with
-fsanitize=undefined, the following test trips an error:
[ RUN ] HASH.SignedUnsignedIssue
.../leveldb/util/hash.cc:30:15: runtime error: applying non-zero offset 4 to null pointer
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/local/google/home/davidben/leveldb/util/hash.cc:30:15 in
[ OK ] HASH.SignedUnsignedIssue (1 ms)
This commit is contained in:
David Benjamin
GitHub
parent
23e35d792b
commit
578eeb702e
@ -27,7 +27,7 @@ uint32_t Hash(const char* data, size_t n, uint32_t seed) {
|
|||||||
uint32_t h = seed ^ (n * m);
|
uint32_t h = seed ^ (n * m);
|
||||||
|
|
||||||
// Pick up four bytes at a time
|
// Pick up four bytes at a time
|
||||||
while (data + 4 <= limit) {
|
while (limit - data >= 4) {
|
||||||
uint32_t w = DecodeFixed32(data);
|
uint32_t w = DecodeFixed32(data);
|
||||||
data += 4;
|
data += 4;
|
||||||
h += w;
|
h += w;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user