From 9abf5951220ac5e4e91555a9f384f16a8c2f272e Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 23 Apr 2014 11:00:02 +0200 Subject: [PATCH] rohash: fix potential bad shift Fix issue detected byCoverity: *** CID 1197756: Bad bit shift operation (BAD_SHIFT) /src/util-rohash.c: 74 in ROHashInit() 68 } 69 if (hash_bits < 4 || hash_bits > 32) { 70 SCLogError(SC_ERR_HASH_TABLE_INIT, "invalid hash_bits setting, valid range is 4-32"); 71 return NULL; 72 } 73 >>> CID 1197756: Bad bit shift operation (BAD_SHIFT) >>> In expression "1U << hash_bits", left shifting by more than 31 bits has undefined behavior. The shift amount, "hash_bits", is as much as 32. 74 uint32_t size = hashsize(hash_bits) * sizeof(ROHashTableOffsets); 75 76 ROHashTable *table = SCMalloc(sizeof(ROHashTable) + size); 77 if (unlikely(table == NULL)) { 78 SCLogError(SC_ERR_HASH_TABLE_INIT, "failed to alloc memory"); 79 return NULL; This was only a potential issue as ROHashInit was only called with hash_bits 16 in the code. Bug #1170. --- src/util-rohash.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/util-rohash.c b/src/util-rohash.c index ce1e13cb3b..c2b32b4607 100644 --- a/src/util-rohash.c +++ b/src/util-rohash.c @@ -56,7 +56,7 @@ typedef struct ROHashTableOffsets_ { /** \brief initialize a new rohash * - * \param hash_bits hash size as 2^hash_bits, so power of 2 + * \param hash_bits hash size as 2^hash_bits, so power of 2, max 31 * \param item_size size of the data to store * * \retval table ptr or NULL on error @@ -66,8 +66,8 @@ ROHashTable *ROHashInit(uint8_t hash_bits, uint16_t item_size) { SCLogError(SC_ERR_HASH_TABLE_INIT, "data size must be multiple of 4"); return NULL; } - if (hash_bits < 4 || hash_bits > 32) { - SCLogError(SC_ERR_HASH_TABLE_INIT, "invalid hash_bits setting, valid range is 4-32"); + if (hash_bits < 4 || hash_bits > 31) { + SCLogError(SC_ERR_HASH_TABLE_INIT, "invalid hash_bits setting, valid range is 4-31"); return NULL; }