[SERVER-32832] Arithmetic overflow in mongo::nsDBHash
| Created: 22/Jan/18 | Updated: 27/Oct/23 | Resolved: 21/Jun/18 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Internal Code |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Billy Donahue | Assignee: | Backlog - Storage Execution Team |
| Resolution: | Gone away | Votes: | 0 |
| Labels: | neweng |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Assigned Teams: | Storage Execution |
| Operating System: | ALL |
| Participants: |
| Description |
|
After just a few characters, this function will overflow the signed int 'hash', which is undefined behavior. Conjecture: it might even be exploitable by an optimizer since the function is inline.
I suggest we switch to unsigned math for the bit wrangling and cast to int at the end. |
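The overflow point and the suggested unsigned rewrite, as an added example that is not part of the ticket and not MongoDB's code. The page does not show the body of mongo::nsDBHash, so the loop below is a constructed multiply-accumulate hash; the function names, the seed 7, the factors 11 and 3, and the stop at '.' are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Constructed stand-in for a multiply-accumulate string hash; NOT the real
// mongo::nsDBHash body. Seed 7, factors 11 and 3, and the stop at '.' are
// assumptions chosen for illustration.

// Replays the signed-int version with GCC/Clang checked builtins, so the
// overflow is detected instead of executed. Returns the index of the first
// character whose step exceeds the int range, or -1 if none does.
long firstSignedOverflow(const std::string& ns) {
    int hash = 7;
    for (std::size_t i = 0; i < ns.size() && ns[i] != '.'; ++i) {
        int term = 11 * static_cast<unsigned char>(ns[i]);  // at most 2805
        if (__builtin_add_overflow(hash, term, &hash) ||
            __builtin_mul_overflow(hash, 3, &hash))
            return static_cast<long>(i);
    }
    return -1;
}

// The change the ticket suggests: do the arithmetic in an unsigned type, where
// wraparound modulo 2^32 is defined, and convert to int once at the end.
// (That conversion is modular since C++20; implementation-defined before, and
// modular on GCC and Clang.)
int hashUnsigned(const std::string& ns) {
    std::uint32_t hash = 7;
    for (std::size_t i = 0; i < ns.size() && ns[i] != '.'; ++i) {
        hash += 11u * static_cast<unsigned char>(ns[i]);
        hash *= 3u;
    }
    return static_cast<int>(hash);
}

int main() {
    const std::string shortNs(12, 'a'), longNs(13, 'a');  // constructed inputs
    std::printf("12 chars: overflow index %ld, hash %d\n",
                firstSignedOverflow(shortNs), hashUnsigned(shortNs));
    std::printf("13 chars: overflow index %ld, hash %d\n",
                firstSignedOverflow(longNs), hashUnsigned(longNs));
    return 0;
}
```

Building a signed version of such a loop with `-fsanitize=signed-integer-overflow` (GCC or Clang) flags the overflowing multiplication at run time.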
| Comments |
| Comment by Eric Milkie [ 21/Jun/18 ] |
|
Code was removed in |
| Comment by Eric Milkie [ 22/Jan/18 ] |
|
I also recommend moving this function into namespace_string_test.cpp, since it is only consumed by functions in that source file. |