
Fix oss_fuzz bug 3599

The multiplication of the node id 4211081216 by the Knuth magic constant 2654435761 overflowed the integer type the expression was evaluated in (the literal does not fit in a 32-bit int, so the product was a signed 64-bit multiply), which is undefined behaviour.

See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3599
Credit to oss-fuzz
Stefan Profanter 7 years ago
parent
commit
b2c0798c23
2 changed files with 6 additions and 1 deletions
  1. 4 0
      CMakeLists.txt
  2. 2 1
      src/ua_types.c

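--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -132,6 +132,10 @@ endif()
 # Force compilation with as C++
 option(UA_COMPILE_AS_CXX "Force compilation with a C++ compiler" OFF)
 mark_as_advanced(UA_COMPILE_AS_CXX)
+if (UA_COMPILE_AS_CXX)
+    # We need the UINT32_C define
+    add_definitions(-D__STDC_CONSTANT_MACROS)
+endif()
 
 #####################
 # Compiler Settings #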
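Review bot: The comment above the new `add_definitions` line should say why the macro is needed, because nothing in this file ties it to its only user and it will look removable later: `# Older <stdint.h>/<cstdint> only define UINT32_C/UINT64_C under C++ when __STDC_CONSTANT_MACROS is set; needed by the mask in src/ua_types.c`. `add_definitions` is directory-scoped and applies to every target configured after this point (tests, examples, tools); if the library target is already defined by this point, which is not visible here, `target_compile_definitions(open62541 PRIVATE __STDC_CONSTANT_MACROS)` would limit it to the code that needs it. Since C++11 the standard requires these macros unconditionally, so this hunk only matters for UA_COMPILE_AS_CXX builds with older compilers or libc headers that still honour the old gate; worth noting that in the comment as well.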

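--- a/src/ua_types.c
+++ b/src/ua_types.c
@@ -296,7 +296,8 @@ UA_NodeId_hash(const UA_NodeId *n) {
     switch(n->identifierType) {
     case UA_NODEIDTYPE_NUMERIC:
     default:
-        return (u32)(n->namespaceIndex + (n->identifier.numeric * 2654435761)); /*  Knuth's multiplicative hashing */
+        // shift knuth multiplication to use highest 32 bits and after addition make sure we don't have an integer overflow
+        return (u32)((n->namespaceIndex + ((n->identifier.numeric * (u64)2654435761) >> (32))) & UINT32_C(4294967295)); /*  Knuth's multiplicative hashing */
     case UA_NODEIDTYPE_STRING:
     case UA_NODEIDTYPE_BYTESTRING:
         return fnv32(n->namespaceIndex, n->identifier.string.data, n->identifier.string.length);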
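Review bot: The `& UINT32_C(4294967295)` mask on the new return line is redundant: the outer `(u32)` cast already reduces the unsigned 64-bit sum modulo 2^32, which is well-defined for unsigned types, so it is the `(u64)` cast on the multiplier — not the mask — that removes the undefined signed overflow oss-fuzz reported (assuming u32/u64 are the unsigned fixed-width typedefs their names suggest). Dropping the mask also removes the only reason for the new `__STDC_CONSTANT_MACROS` definition in CMakeLists.txt, and the line reduces to `return (u32)(n->namespaceIndex + ((n->identifier.numeric * (u64)2654435761) >> 32)); /* Knuth's multiplicative hashing: high 32 bits of the 64-bit product */`. That comment should also state that taking the high 32 bits of the product instead of the low ones changes every numeric NodeId hash relative to the previous code, in case anything persists or compares hash values across versions. The `//` comment is the only C++-style comment in view; the surrounding code uses `/* */`. UA_NodeId_hash continues past the end of the hunk.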