From f55598f870b2346ed48a32befc51b9a548b8b5fa Mon Sep 17 00:00:00 2001 From: Nick Mathewson Date: Fri, 28 Jun 2019 11:57:36 -0400 Subject: [PATCH] Coverity: different implementation for csiphash Coverity has had trouble figuring out our csiphash implementation, and has given spurious warnings about its behavior. This patch changes the csiphash implementation when coverity is in use, so that coverity can figure out that we are not about to read beyond the provided input. Closes ticket 31025. --- changes/ticket31025 | 5 +++++ src/ext/csiphash.c | 8 ++++++++ 2 files changed, 13 insertions(+) create mode 100644 changes/ticket31025 diff --git a/changes/ticket31025 b/changes/ticket31025 new file mode 100644 index 0000000000..c572288239 --- /dev/null +++ b/changes/ticket31025 @@ -0,0 +1,5 @@ + o Minor bugfixes (coverity): + - In our siphash implementation, when building for coverity, use memcpy + in place of a switch statement, so that coverity can tell we are not + accessing out-of-bounds memory. Fixes bug 31025; bugfix on + 0.2.8.1-alpha. This is tracked as CID 1447293 and 1447295. diff --git a/src/ext/csiphash.c b/src/ext/csiphash.c index af8559a476..faa52ae4e1 100644 --- a/src/ext/csiphash.c +++ b/src/ext/csiphash.c @@ -87,6 +87,13 @@ uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *k v0 ^= mi; } +#ifdef __COVERITY__ + { + uint64_t mi = 0; + memcpy(&mi, m+i, (src_sz-blocks)); + last7 = _le64toh(mi) | (uint64_t)(src_sz & 0xff) << 56; + } +#else switch (src_sz - blocks) { case 7: last7 |= (uint64_t)m[i + 6] << 48; /* Falls through. */ case 6: last7 |= (uint64_t)m[i + 5] << 40; /* Falls through. */ @@ -98,6 +105,7 @@ uint64_t siphash24(const void *src, unsigned long src_sz, const struct sipkey *k case 0: default:; } +#endif v3 ^= last7; DOUBLE_ROUND(v0,v1,v2,v3); v0 ^= last7; -- 2.47.3