Fix invalid pointer arithmetic in Hash (google#1222)
It is UB to exceed the bounds of the buffer when doing pointer
arithmetic. That means the following is not a valid bounds check:

    if (start + 4 <= limit)

Because if we were at the end of the buffer, we wouldn't be
allowed to add 4 anyway. Instead, this must be written as:

    if (limit - start >= 4)

Basic forms of this issue are flagged by UBSan. If building with
-fsanitize=undefined, the following test trips an error:

    [ RUN      ] HASH.SignedUnsignedIssue
    .../leveldb/util/hash.cc:30:15: runtime error: applying non-zero offset 4 to null pointer
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/local/google/home/davidben/leveldb/util/hash.cc:30:15 in
    [       OK ] HASH.SignedUnsignedIssue (1 ms)

(cherry picked from commit 578eeb7)
davidben authored and marco committed Jan 14, 2025
1 parent 688561c commit a8844b2
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion util/hash.cc
Expand Up @@ -27,7 +27,7 @@ uint32_t Hash(const char* data, size_t n, uint32_t seed) {
uint32_t h = seed ^ (n * m);

// Pick up four bytes at a time
while (data + 4 <= limit) {
while (limit - data >= 4) {
uint32_t w = DecodeFixed32(data);
data += 4;
h += w;
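Review bot: the new loop condition `while (limit - data >= 4)` has no comment saying why the subtraction form is required, so a later cleanup could easily turn it back into `data + 4 <= limit`. Consider extending the existing "Pick up four bytes at a time" comment to note that forming `data + 4` past the end of the buffer (or from a null `data`) is undefined behaviour, and that the check relies on `limit` never being below `data` so the signed difference is non-negative. Separately, the UBSan output in the commit message shows HASH.SignedUnsignedIssue still reported as OK after the runtime error, so the regression is only caught if someone reads the log; building the sanitizer run with -fno-sanitize-recover=undefined would make the test fail outright if this pattern comes back.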