rurban
commented
6 years ago Thanks, I'll check. hash flood should only be triggered by malign attackers. I can repro it.
Very good catch. The problem occurs with any large %^H hints hash, with >127 entries. The check in the insertion logic was wrong. We need to check the collisions when we actually insert the key, not when we skip it. Needs to be backported.
Some tests from Regexp::Common cause CHECK_HASH_FLOOD() in hv.c to croak.
panic: distributed hash flood BEGIN failed--compilation aborted at t/SEN/usa_ssn.t line 16. BEGIN failed--compilation aborted at t/zip/netherlands.t line 13. BEGIN failed--compilation aborted at t/zip/spain.t line 14.
Noticed while testing cperl 5.27 and Regexp::Common 2017060201 on Linux/x86_64. Related to #246.