codekaizen / smhasher

Automatically exported from code.google.com/p/smhasher
0 stars 0 forks source link

MurmurHash3_x64_128 reads past end of key buffer #21

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
o it calculates the buffer size in quadwords, rounded down
  nblocks = len/16;  

o then the body loop iterates i up to nblocks-1:
  for(int i = 0; i < nblocks; i++)

o Inside the loop, these accesses happen:
  uint64_t k1 = getblock(blocks,i*2+0);
  uint64_t k2 = getblock(blocks,i*2+1);

o "blocks" is a qword pointer and the getblock calls are equivalent to
  blocks[i*2]  and   blocks[i*2+1]

o So these qword accesses will occur up to qword offset:
  (nblocks-1)*2+1
  ...almost twice the caller's buffer size.

Original issue reported on code.google.com by christop...@gmail.com on 2 Apr 2013 at 6:02

GoogleCodeExporter commented 9 years ago
This is not a bug in the current version of the source (r152).

The fourth point here, '"blocks" is a qword pointer' is not the true. The 
pointer is a uint64_t (i.e. double word).
The factor of two you mentioned is in the 16 of the nblocks = len/16.

Original comment by dersai...@gmail.com on 29 May 2014 at 9:08