github-repos/leveldb
1
0
Fork 0
mirror of https://github.com/google/leveldb.git synced 2025-01-27 06:30:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix invalid pointer arithmetic in Hash (#1222)

Browse Source 
It is UB to exceed the bounds of the buffer when doing pointer
arithemetic. That means the following is not a valid bounds check:

    if (start + 4 <= limit)

Because if we were at the end of the buffer, we wouldn't be
allowed to add 4 anyway. Instead, this must be written as:

    if (limit - start >= 4)

Basic forms of this issue are flagged by UBSan. If building with
-fsanitize=undefined, the following test trips an error:

    [ RUN      ] HASH.SignedUnsignedIssue
    .../leveldb/util/hash.cc:30:15: runtime error: applying non-zero offset 4 to null pointer
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/local/google/home/davidben/leveldb/util/hash.cc:30:15 in
    [       OK ] HASH.SignedUnsignedIssue (1 ms)
This commit is contained in:
David Benjamin 2025-01-02 14:02:29 -05:00 committed by GitHub
parent 23e35d792b
commit 578eeb702e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
util/hash.cc
View File

@ -27,7 +27,7 @@ uint32_t Hash(const char* data, size_t n, uint32_t seed) {
uint32_t h = seed ^ (n * m);
// Pick up four bytes at a time
while (data + 4 <= limit) {
while (limit - data >= 4) {
uint32_t w = DecodeFixed32(data);
data += 4;
h += w;