Hi John,

> On 04.07.2017 at 07:10, John Darrington <john@darrington.wattle.id.au> wrote:
>
> On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
>> Hi John,
>>
>> today I looked a little bit at the hash function. I think the problem is that compared to
>> the referenced code the x parameter is type int instead of unsigned int. Googling around, the
>> overflow behavior of signed and the shift right of signed is not defined in the C standard,
>> although "many" implementations assume a two's complement signed implementation. Both are well
>> defined for unsigned int operations.
>
> Ahh. Perhaps you're right. But I cannot see that this would cause a crash, so I suspect that's
> another problem.

They compiled with a compiler switch -fsanitize=undefined. I assume that this produces the crash.

>> I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.
>
> What problems did you encounter before your change (if any)?

I encountered no problems. At first I assumed that they use some form of static code analysis. Then I tried to run our regression with the above-mentioned switch, but on MacOS I encountered some compile problems.

In my view the behavior in our code might produce a bad hash as it deviates from the original code, as the right shift is different for int and unsigned int. But I cannot see how this produces a security vulnerability.

Friedrich
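The signed-versus-unsigned difference discussed in this thread, as an added example that is not PSPP's hash function and not code from either poster: a constructed shift-xor-multiply mixing step (the constant and the shift width are assumptions) written once over unsigned int, where every operation is defined, and once over signed int, where the right shift of a negative value is implementation-defined and the multiply can overflow. The overflow check uses the gcc/clang builtin so the test itself never executes the undefined operation that -fsanitize=undefined would report.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed mixing step in the spirit of the hash discussed in the thread;
 * it is NOT the referenced code. The multiplier is an assumed constant. */
static const int32_t MULT = 0x45d9f3b;

/* Unsigned version: modular wrap-around on the multiply and a logical
 * (zero-filling) right shift are both defined by the C standard. */
uint32_t mix_unsigned(uint32_t x)
{
    x ^= x >> 16;
    x *= (uint32_t)MULT;   /* wraps modulo 2^32, well defined */
    x ^= x >> 16;
    return x;
}

/* The shift-xor step alone, on a signed input. For negative x the standard
 * leaves `x >> 16` implementation-defined; gcc and clang sign-extend
 * (arithmetic shift), so the high bits differ from the unsigned version. */
int32_t shift_step_signed(int32_t x)
{
    return x ^ (x >> 16);
}

uint32_t shift_step_unsigned(uint32_t x)
{
    return x ^ (x >> 16);
}

/* Reports whether the signed multiply in the mixing step would overflow,
 * i.e. the undefined behaviour -fsanitize=undefined flags at run time.
 * __builtin_mul_overflow computes the answer without invoking that UB. */
bool signed_mul_would_overflow(int32_t x)
{
    int32_t out;
    return __builtin_mul_overflow(x, MULT, &out);
}

/* Whether the two variants agree on the shift step for a given bit pattern.
 * They agree for non-negative values and disagree once the sign bit is set. */
bool shift_steps_agree(uint32_t bits)
{
    return (uint32_t)shift_step_signed((int32_t)bits) == shift_step_unsigned(bits);
}
```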