From: Paul Durrant Date: Wed, 9 Sep 2015 12:39:13 +0000 (+0100) Subject: Fix hash table overflow X-Git-Tag: 8.1.0-rc2~2 X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=8c37080084c472792eae9c69784da0b4ce26eab1;p=pvdrivers%2Fwin%2Fxenbus.git Fix hash table overflow There is a flaw in HashTableHash() which means that, for example, an Array value of 0xff added to an Accumulator value of 0xff will lead to more than 4 bits of Overflow. The 5th bit is missed by the mask and is hence not folded back into the lower order bits of the Accumulator. The upshot of the this is an ASSERTion failure for a debug build or an array overflow in the caller for a non-debug build. This patch fixes this issue by increasing the overflow mask to 8 bits instead of 4 (although 5 bit would actually be sufficient). Signed-off-by: Paul Durrant Reported-by: Rafal Wojdyla Tested-by: Rafal Wojdyla --- diff --git a/src/xenbus/hash_table.c b/src/xenbus/hash_table.c index a9c1b79..c7c6101 100644 --- a/src/xenbus/hash_table.c +++ b/src/xenbus/hash_table.c @@ -90,7 +90,7 @@ HashTableHash( Accumulator = (Accumulator << 4) + Array[Index]; - Overflow = Accumulator & 0x00000f00; + Overflow = Accumulator & 0x0000ff00; if (Overflow != 0) { Accumulator ^= Overflow >> 8; Accumulator ^= Overflow;