commit 2fce1274de5bcfd053d6b4b4b5858f6061eb2989
parent f7dc920f4ba6c025c9162a2d1894672686f11ef2
Author: David Goulet <dgoulet@torproject.org>
Date: Tue, 23 Jul 2019 09:43:36 -0400
Merge branch 'tor-github/pr/1153'
Diffstat:
2 files changed, 13 insertions(+), 0 deletions(-)
diff --git a/changes/ticket31025 b/changes/ticket31025
@@ -0,0 +1,5 @@
+ o Minor bugfixes (coverity):
+ - In our siphash implementation, when building for coverity, use memcpy
+ in place of a switch statement, so that coverity can tell we are not
+ accessing out-of-bounds memory. Fixes bug 31025; bugfix on
+ 0.2.8.1-alpha. This is tracked as CID 1447293 and 1447295.
diff --git a/src/ext/csiphash.c b/src/ext/csiphash.c
@@ -87,6 +87,13 @@ uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *k
v0 ^= mi;
}
+#ifdef __COVERITY__
+ {
+ uint64_t mi = 0;
+ memcpy(&mi, m+i, (src_sz-blocks));
+ last7 = _le64toh(mi) | (uint64_t)(src_sz & 0xff) << 56;
+ }
+#else
switch (src_sz - blocks) {
case 7: last7 |= (uint64_t)m[i + 6] << 48; /* Falls through. */
case 6: last7 |= (uint64_t)m[i + 5] << 40; /* Falls through. */
@@ -98,6 +105,7 @@ uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *k
case 0:
default:;
}
+#endif
v3 ^= last7;
DOUBLE_ROUND(v0,v1,v2,v3);
v0 ^= last7;
