[asterisk-bugs] [JIRA] (ASTERISK-24197) Signed integer overflow in string hash functions
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Sun Aug 10 19:12:28 CDT 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-24197?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=221510#comment-221510 ]
Matt Jordan commented on ASTERISK-24197:
----------------------------------------
Looking at the implementation, I doubt any of the functions really care if the value overflows. Note that the return takes the absolute value of the calculated integer. So long as the overall value provides a reproducible hash that has good distribution, I'm not sure how much this really matters.
If you feel otherwise, a patch that modifies this behaviour would be appreciated. Otherwise, I doubt it will receive much attention.
> Signed integer overflow in string hash functions
> ------------------------------------------------
>
> Key: ASTERISK-24197
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24197
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: General
> Affects Versions: 12.4.0
> Reporter: Diederik de Groot
> Severity: Minor
>
> the strings.h functions:
> ast_str_hash
> ast_str_hash_add
> ast_str_case_hash
> All suffer from signed integer overflow depending on the length of the string and the previous hash value calculated, because the bounds for the int are not checked.
> 193416315 * 33 cannot be represented in type 'int'
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list