From: Mathieu Desnoyers
Date: Tue, 18 Feb 2020 00:31:41 +0000 (-0500)
Subject: Fix: jhash.h: remove out-of-bound reads
X-Git-Tag: v2.11.1~3
X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=5938665d83cb964348bc4761abfd778ec5bd068d;p=lttng-ust.git

Fix: jhash.h: remove out-of-bound reads

jhash.h implements "special" code for valgrind because it reads memory
out-of-bound (and then applies a mask) when reading strings.

Considering that lttng-ust does not use jhash.h in a fast-path, remove
this "optimization" and use the verifiable VALGRIND code instead.

This fixes an ASan splat.

Fixes: #1238
Signed-off-by: Mathieu Desnoyers
---
diff --git a/liblttng-ust/jhash.h b/liblttng-ust/jhash.h
index 49a93c22..8f77b172 100644
--- a/liblttng-ust/jhash.h
+++ b/liblttng-ust/jhash.h
@@ -107,33 +107,13 @@ uint32_t hashlittle(const void *key, size_t length, uint32_t initval) /*----------------------------- handle the last (probably partial) block */ /* - * "k[2]&0xffffff" actually reads beyond the end of the string, but - * then masks off the part it's not allowed to read. Because the - * string is aligned, the masked-off tail is in the same word as the - * rest of the string. Every machine with memory protection I've seen - * does it on word boundaries, so is OK with this. But VALGRIND will - * still catch it and complain. The masking trick does make the hash - * noticably faster for short strings (like English words). + * The original jhash.h reads beyond the end of string, and implements + * a special code path for VALGRIND. It seems to make ASan unhappy too + * though, so considering that hashing event names is not a fast-path + * in lttng-ust, remove the "fast" code entirely and use the slower + * but verifiable VALGRIND version of the code which does not issue + * out-of-bound reads. */ -#ifndef VALGRIND - - switch (length) { - case 12: c+=k[2]; b+=k[1]; a+=k[0]; break; - case 11: c+=k[2]&0xffffff; b+=k[1]; a+=k[0]; break; - case 10: c+=k[2]&0xffff; b+=k[1]; a+=k[0]; break; - case 9 : c+=k[2]&0xff; b+=k[1]; a+=k[0]; break; - case 8 : b+=k[1]; a+=k[0]; break; - case 7 : b+=k[1]&0xffffff; a+=k[0]; break; - case 6 : b+=k[1]&0xffff; a+=k[0]; break; - case 5 : b+=k[1]&0xff; a+=k[0]; break; - case 4 : a+=k[0]; break; - case 3 : a+=k[0]&0xffffff; break; - case 2 : a+=k[0]&0xffff; break; - case 1 : a+=k[0]&0xff; break; - case 0 : return c; /* zero length strings require no mixing */ - } - -#else /* make valgrind happy */ { const uint8_t *k8; @@ -154,7 +134,6 @@ uint32_t hashlittle(const void *key, size_t length, uint32_t initval) case 0 : return c; } } -#endif /* !valgrind */ } else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) { const uint16_t *k = (const uint16_t *) key; /* read 16-bit chunks */
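Review bot: the replacement comment in the first hunk still calls the retained block "the slower but verifiable VALGRIND version of the code", but with `#ifndef VALGRIND` and `#else /* make valgrind happy */` removed here (and `#endif /* !valgrind */` removed in the next hunk) VALGRIND is no longer a build-time switch anywhere in this function, so a reader grepping for it will find nothing; suggest rewording the comment to describe what the code does rather than its history, e.g. `* Read the trailing partial block one byte at a time (k8) so that no` / `* access goes past the end of the input; the masked-word trick this` / `* replaces read beyond the buffer and is flagged by ASan and Valgrind.`, and leave the ASan/Valgrind background to the commit message. Removing the `#else` line also took its only comment with it, so the surviving `{ const uint8_t *k8;` block now opens with no introduction at all.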
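Review bot: the second hunk only drops `#endif /* !valgrind */`, which correctly balances the `#ifndef`/`#else` removed above, but its trailing context line, `} else if (HASH_LITTLE_ENDIAN && ((u.i & 0x1) == 0)) {` (the 16-bit-aligned path), and the byte-aligned fallback after it are untouched; since the subject line promises that jhash.h no longer performs out-of-bound reads, the commit message should state (or review should confirm) that those tail-handling paths do not use the same mask-past-the-end trick, as ASan would report an over-read there just as it did in the 32-bit path.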