| Summary: | ASTERISK-24197: Signed integer overflow in string hash functions | ||
| Reporter: | Diederik de Groot (dkdegroot) | Labels: | |
| Date Opened: | 2014-08-10 18:04:48 | Date Closed: | 2014-08-11 10:17:12 |
| Priority: | Minor | Regression? | No |
| Status: | Closed/Complete | Components: | General |
| Versions: | 12.4.0 | Frequency of Occurrence | Constant |
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | the strings.h functions:
ast_str_hash ast_str_hash_add ast_str_case_hash All suffer from signed integer overflow depending on the length of the string and the previous hash value calculated, because the bounds for the int are not checked. 193416315 * 33 cannot be represented in type 'int' | ||
| Comments: | By: Matt Jordan (mjordan) 2014-08-10 19:11:24.904-0500 Looking at the implementation, I doubt any of the functions really care if the value overflows. Note that the return takes the absolute value of the calculated integer. So long as the overall value provides a reproducible hash that has good distribution, I'm not sure how much this really matters. If you feel otherwise, a patch that modifies this behaviour would be appreciated. Otherwise, I doubt it will receive much attention. By: Diederik de Groot (dkdegroot) 2014-08-11 03:08:06.535-0500 After rechecking the code again, i have to admit you are right. Sorry for bothering you. We should close this bug report. | ||