Fix an 'attempt to shift right with overflow' panic in the GnuHashTable if nshift is wider than the bloom filter word size

This changes the case to be an IntegerOverflow error instead of a crash/panic by using checked_shr

This was found by fuzz testing
Christopher Cole 2023-02-07 22:47:43 -08:00
parent 5f4014de1f
commit dea6edfdf7
No known key found for this signature in database
GPG Key ID: 0AC856975983E9DB


@ -280,10 +280,14 @@ impl<'data, E: EndianParse> GnuHashTable<'data, E> {
}
};
// Check bloom filter for both hashes - symbol is present in the hash table IFF both bits are set.
if filter & (1 << (hash % bloom_width)) == 0 {
return Ok(None);
}
if filter & (1 << ((hash >> self.hdr.nshift) % bloom_width)) == 0 {
let hash2 = hash
.checked_shr(self.hdr.nshift)
.ok_or(ParseError::IntegerOverflow)?;
if filter & (1 << (hash2 % bloom_width)) == 0 {
return Ok(None);
}
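Review bot: The `checked_shr` guard runs only after the first bloom test has passed, so a table with an out-of-range `nshift` returns `Ok(None)` for names whose first bit is clear and `Err(ParseError::IntegerOverflow)` only for the others. The same malformed header is therefore accepted or rejected depending on which name is looked up. Validating `self.hdr.nshift` once where the header is parsed (outside this hunk), or computing `hash2` before the first `if filter & ...` test, would make the rejection deterministic. `checked_shr` returns `None` when the count is at least the bit width of `hash`'s own type, presumably 32 rather than the bloom word size named in the commit title, so a comment such as `// nshift is read from the file; counts >= the hash width are malformed` would record the actual bound. The enclosing function starts and ends outside the hunk.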