Details
Bug
Resolution: Gone away
Minor - P4
Storage Execution
ALL
Description
After just a few characters, this function will overflow the signed int 'hash', which is undefined behavior. Conjecture: it might even be exploitable by an optimizer since the function is inline.
inline int nsDBHash(const std::string& ns) {
    int hash = 7;
    for (size_t i = 0; i < ns.size(); i++) {
        if (ns[i] == '.')
            break;
        hash += 11 * ns[i];
        hash *= 3;
    }
    return hash;
}
I suggest we switch to unsigned math for the bit wrangling and cast to int at the end.
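The suggested change, sketched as an added example (not code from the ticket or the project): the same loop with an unsigned accumulator, so wraparound is defined modulo 2^32, and a single cast to int at the end. The names nsDBHashUnsigned and nsDBHashWide are hypothetical; the second is only a 64-bit reference used to check the wrapped result.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical name. Same algorithm as nsDBHash above, but the accumulator is
// unsigned, so overflow wraps modulo 2^32 instead of being undefined behavior.
inline int nsDBHashUnsigned(const std::string& ns) {
    std::uint32_t hash = 7;
    for (std::size_t i = 0; i < ns.size(); i++) {
        if (ns[i] == '.')
            break;
        // Go through int first so a negative (signed) char contributes a value
        // congruent to what 11 * ns[i] contributed in the signed version.
        hash += 11u * static_cast<std::uint32_t>(static_cast<int>(ns[i]));
        hash *= 3u;
    }
    // Out-of-range unsigned-to-int conversion is modular since C++20 and
    // implementation-defined (not undefined) in earlier standards.
    return static_cast<int>(hash);
}

// Hypothetical reference: 64-bit arithmetic reduced modulo 2^32 at each step,
// used to confirm the unsigned version wraps the way the math says it should.
inline int nsDBHashWide(const std::string& ns) {
    std::uint64_t hash = 7;
    for (std::size_t i = 0; i < ns.size() && ns[i] != '.'; i++) {
        std::int64_t c = ns[i];
        hash = (hash + static_cast<std::uint64_t>(11 * c)) & 0xFFFFFFFFu;
        hash = (hash * 3) & 0xFFFFFFFFu;
    }
    return static_cast<int>(static_cast<std::uint32_t>(hash));
}
```

For inputs short enough that the original never overflows, this returns the same values as nsDBHash; for longer names the result is the wrapped value rather than whatever the optimizer chooses to do with signed overflow.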