From dea6edfdf7a43ac134f062f65e7c7470f396b239 Mon Sep 17 00:00:00 2001
From: Christopher Cole <luna@spacecat.art>
Date: Tue, 7 Feb 2023 22:47:43 -0800
Subject: [PATCH] Fix an 'attempt to shift right with overflow' panic in the
 GnuHashTable if nshift is wider than the bloom filter word size

This changes the case to be an IntegerOverflow error instead of a crash/panic by using checked_shr

This was found by fuzz testing
---
 src/hash.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/hash.rs b/src/hash.rs
index 6b99a41..eb461f4 100644
--- a/src/hash.rs
+++ b/src/hash.rs
@@ -280,10 +280,14 @@ impl<'data, E: EndianParse> GnuHashTable<'data, E> {
             }
         };
 
+        // Check bloom filter for both hashes - symbol is present in the hash table IFF both bits are set.
         if filter & (1 << (hash % bloom_width)) == 0 {
             return Ok(None);
         }
-        if filter & (1 << ((hash >> self.hdr.nshift) % bloom_width)) == 0 {
+        let hash2 = hash
+            .checked_shr(self.hdr.nshift)
+            .ok_or(ParseError::IntegerOverflow)?;
+        if filter & (1 << (hash2 % bloom_width)) == 0 {
             return Ok(None);
         }