pspp-dev

Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792


From: John Darrington
Subject: Re: Bug#866890: pspp - cve-2017-10791 - cve-2017-10792
Date: Tue, 4 Jul 2017 07:10:31 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
     Hi John,
     
     today I looked a little bit at the hash function. I think the problem is that compared to
     the referenced code the x parameter is type int instead of unsigned int. Googling around, the
     overflow behavior of signed and the shift right of signed is not defined in the C standard
     although "many" implementations assume 2's complement signed implementation. Both are well
     defined for unsigned int operations.
     
Ahh.  Perhaps you're right.  But I cannot see that this would cause a crash, so I suspect that's
another problem.

     I changed the parameter type from int to unsigned int and I cannot see a problem in the regression.

What problems did you encounter before your change (if any)?

     But looking at the code I wondered if this hash function also works on 64-bit architectures. The
     reference only talks about uint32_t.

I cannot see that it wouldn't "work".  But it might not create such an efficient hash.

Anyway maybe Ben will be able to have a look soon.
     

J'
     
     
-- 
Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
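
The int versus unsigned int point raised in this thread, as an added example that is not part of the original message and is not PSPP's code: a constructed shift/add/xor mixer written on uint32_t, next to a model of what the same rounds compute when right shifts propagate the sign bit. The names mix32, asr32, mix32_signed_model and hash_int are hypothetical, and a 32-bit int is assumed.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed shift/add/xor mixer, not PSPP's hash function.  All
   arithmetic is on uint32_t, so wraparound and >> are fully defined. */
static uint32_t mix32(uint32_t x)
{
    x += ~(x << 15);
    x ^= x >> 10;
    x += x << 3;
    x ^= x >> 6;
    x += ~(x << 11);
    x ^= x >> 16;
    return x;
}

/* Sign-propagating right shift written in unsigned arithmetic (0 < n < 32).
   Many compilers emit this for `int >> n`, but the C standard leaves the
   result for negative values implementation-defined. */
static uint32_t asr32(uint32_t x, unsigned n)
{
    uint32_t fill = (x & 0x80000000u) ? ~(UINT32_MAX >> n) : 0;
    return (x >> n) | fill;
}

/* Model of the same rounds with an `int` parameter on such a compiler.
   A real int version would also overflow in the additions, which is
   undefined behaviour; this model assumes it wraps. */
static uint32_t mix32_signed_model(uint32_t x)
{
    x += ~(x << 15);
    x ^= asr32(x, 10);
    x += x << 3;
    x ^= asr32(x, 6);
    x += ~(x << 11);
    x ^= asr32(x, 16);
    return x;
}

/* Entry point for int keys: int -> uint32_t conversion is defined (mod 2^32). */
static uint32_t hash_int(int x) { return mix32((uint32_t) x); }

int main(void)
{
    printf("key 0: unsigned %08x, signed model %08x, hash_int(-1) %08x\n",
           (unsigned) mix32(0), (unsigned) mix32_signed_model(0),
           (unsigned) hash_int(-1));
    return 0;
}
```

For key 0 the sign-propagating model collapses to 0 while the unsigned mixer does not, so the two variants stop agreeing as soon as an intermediate value has its top bit set.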
