From 1f286989986a384e34d9de1acf8899439506695a Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Sat, 22 Aug 2015 14:27:03 -0700
Subject: libutils: cleanups for -fsanitize=integer
* Hashing functions rely on integer overflow behavior. Mark those functions as safe.
* abort() if a passed in size_t value is greater than UINT32_MAX. This can occur on 64 bit builds where size_t is larger than uint32_t.
* Special case the index lookup for an empty sorted vector. Without the special case, size() == 0, and size()-1 underflows.
Change-Id: I343a14b589fc8f0d221c1998ae5d6f0b9e2781f8
---
 libutils/JenkinsHash.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'libutils/JenkinsHash.cpp')
diff --git a/libutils/JenkinsHash.cpp b/libutils/JenkinsHash.cpp
index 52c9bb7df..ff5d252a4 100644
--- a/libutils/JenkinsHash.cpp
+++ b/libutils/JenkinsHash.cpp
@@ -19,10 +19,14 @@
 * should still be quite good.
 **/
+#include
 #include
 namespace android {
+#ifdef __clang__
+__attribute__((no_sanitize("integer")))
+#endif
 hash_t JenkinsHashWhiten(uint32_t hash) {
 hash += (hash << 3);
 hash ^= (hash >> 11);
@@ -31,6 +35,9 @@ hash_t JenkinsHashWhiten(uint32_t hash) {
 }
 uint32_t JenkinsHashMixBytes(uint32_t hash, const uint8_t* bytes, size_t size) {
+ if (size > UINT32_MAX) {
+ abort();
+ }
 hash = JenkinsHashMix(hash, (uint32_t)size);
 size_t i;
 for (i = 0; i < (size & -4); i += 4) {
@@ -47,6 +54,9 @@ uint32_t JenkinsHashMixBytes(uint32_t hash, const uint8_t* bytes, size_t size) {
 }
 uint32_t JenkinsHashMixShorts(uint32_t hash, const uint16_t* shorts, size_t size) {
+ if (size > UINT32_MAX) {
+ abort();
+ }
 hash = JenkinsHashMix(hash, (uint32_t)size);
 size_t i;
 for (i = 0; i < (size & -2); i += 2) {
-- 
cgit v1.2.3
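Review bot: The `__attribute__((no_sanitize("integer")))` added above `JenkinsHashWhiten` carries no comment saying why the check is switched off, so a later reader cannot tell intended wraparound from a suppressed finding. I would add, above the `#ifdef __clang__`, `// Unsigned wraparound in the shift/add steps is intentional; exempt this function from -fsanitize=integer.` The attribute applies to the whole function, so any arithmetic added to it later is also left unchecked, which is worth stating in the same comment. The function body continues past the end of the hunk.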
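Review bot: The new `if (size > UINT32_MAX) { abort(); }` guard at the top of `JenkinsHashMixBytes` (and the identical one in `JenkinsHashMixShorts` in the next hunk) ends the process with no diagnostic, and the limit is not documented for callers. If `size` can ever be derived from externally supplied data, an oversized value becomes a process crash, so the precondition belongs in the function comment, e.g. `// size must fit in uint32_t; larger values abort().` A fatal-log form such as `LOG_ALWAYS_FATAL_IF(size > UINT32_MAX, "size %zu exceeds UINT32_MAX", size);` would leave a trace for triage, if pulling in the logging header is acceptable in this file. On builds where size_t is 32 bits the comparison is always false and may draw a tautological-compare warning. Both function bodies continue outside the hunks.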