Mercurial > hg > nginx
view src/core/ngx_murmurhash.c @ 7494:a42a6dfeb01a
Fixed incorrect length handling in ngx_utf8_length().
Previously, ngx_utf8_decode() was called from ngx_utf8_length() with
incorrect length, potentially resulting in out-of-bounds read when
handling invalid UTF-8 strings.
In practice out-of-bounds reads are not possible though, as autoindex, the
only user of ngx_utf8_length(), provides null-terminated strings, and
ngx_utf8_decode() anyway returns an errors when it sees a null in the
middle of an UTF-8 sequence.
Reported by Yunbin Liu.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 15 Apr 2019 20:14:07 +0300 |
parents | f38647c651a8 |
children |
line wrap: on
line source
/* * Copyright (C) Austin Appleby */ #include <ngx_config.h> #include <ngx_core.h> uint32_t ngx_murmur_hash2(u_char *data, size_t len) { uint32_t h, k; h = 0 ^ len; while (len >= 4) { k = data[0]; k |= data[1] << 8; k |= data[2] << 16; k |= data[3] << 24; k *= 0x5bd1e995; k ^= k >> 24; k *= 0x5bd1e995; h *= 0x5bd1e995; h ^= k; data += 4; len -= 4; } switch (len) { case 3: h ^= data[2] << 16; /* fall through */ case 2: h ^= data[1] << 8; /* fall through */ case 1: h ^= data[0]; h *= 0x5bd1e995; } h ^= h >> 13; h *= 0x5bd1e995; h ^= h >> 15; return h; }