review.tizen.org Git - platform/upstream/dbus.git/commit

author	Philip Withnall <withnall@endlessm.com>
	Thu, 2 Feb 2017 10:14:55 +0000 (10:14 +0000)
committer	sanghyeok.oh <sanghyeok.oh@samsung.com>
	Fri, 1 Feb 2019 01:20:31 +0000 (10:20 +0900)
commit	edd92e4a605713739a7b1128a6d07afaf5c80105
tree	010003362adb04a9171c2893190af8e2f9cdca47	tree \| snapshot
parent	65e5748e56976da5eb37436738625bbfb619e2a2	commit \| diff

dbus-hash: Fix a potential shift by a negative integer

As a hash table becomes unbelievably large and full, the down_shift
tends towards 0. The overflow detection code in rebuild_table() does not
prevent down_shift becoming negative, which then causes undefined
behaviour in RANDOM_INDEX for int-keyed tables.

Note that this can only happen with approaching INT_MAX entries in the
hash table, at which point we’ve almost certainly hit OOM somewhere, so
this is vanishingly unlikely to happen. This is why I can’t add a test
for the bug.

As always, thanks to Coverity.

Coverity ID: 54682
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99641
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Change-Id: Iac3047fc0bff11b3d08c2938c0fda292bddb1466