This is an archive of the discontinued LLVM Phabricator instance.

Differential D158117

Fix integer overflow in ConcurrentHashtTableByPtr
ClosedPublic

Authored by andrew.w.kaylor on Aug 16 2023, 2:12 PM.

Details

Reviewers
avl
MaskRay
Commits
rG6664e80ace08: Fix integer overflow in ConcurrentHashtTableByPtr
Summary

This fixes a problem with potential integer overflow when multiplying two 32-bit values and assigning the result to a 64-bit value.

The potential overflow has been present since D132455 was re-landed. The initial version of the patch defined MaxBucketSize and NumberOfBuckets as size_t (which I guess would still be a problem for some targets). When the patch was re-landed they were defined as uint32_t, making the calculation of ExtHashMask subject to overflow.

Diff Detail

Event Timeline

andrew.w.kaylor created this revision.Aug 16 2023, 2:12 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 16 2023, 2:12 PM
andrew.w.kaylor requested review of this revision.Aug 16 2023, 2:12 PM
Herald added a project: Restricted Project. · View Herald TranscriptAug 16 2023, 2:12 PM
Herald added a subscriber: llvm-commits. · View Herald Transcript
andrew.w.kaylor mentioned this in D132455: [ADT] add ConcurrentHashtable class..Aug 16 2023, 2:13 PM
MaskRay accepted this revision.Aug 16 2023, 2:22 PM
MaskRay added a subscriber: MaskRay.

While here, remove the parens as Multiplication having precedence over addition is well-known.

This revision is now accepted and ready to land.Aug 16 2023, 2:22 PM
Harbormaster completed remote builds in B253043: Diff 550879.Aug 16 2023, 3:28 PM
This revision was landed with ongoing or failed builds.Aug 16 2023, 3:43 PM
Closed by commit rG6664e80ace08: Fix integer overflow in ConcurrentHashtTableByPtr (authored by andrew.w.kaylor). · Explain Why
This revision was automatically updated to reflect the committed changes.
andrew.w.kaylor added a commit: rG6664e80ace08: Fix integer overflow in ConcurrentHashtTableByPtr.

Revision Contents

PathSize
llvm/
include/
llvm/
ADT/
2 lines

Diff 550915

llvm/include/llvm/ADT/ConcurrentHashtable.h

Show First 20 LinesShow All 148 Lines▼ Show 20 Lines ConcurrentHashTableByPtr(
size_t LeadingZerosNumber = countl_zero(HashMask); size_t LeadingZerosNumber = countl_zero(HashMask);
HashBitsNum = 64 - LeadingZerosNumber; HashBitsNum = 64 - LeadingZerosNumber;
// We keep only high 32-bits of hash value. So bucket size cannot // We keep only high 32-bits of hash value. So bucket size cannot
// exceed 2^31. Bucket size is always power of two. // exceed 2^31. Bucket size is always power of two.
MaxBucketSize = 1Ull << (std::min((size_t)31, LeadingZerosNumber)); MaxBucketSize = 1Ull << (std::min((size_t)31, LeadingZerosNumber));
// Calculate mask for extended hash bits. // Calculate mask for extended hash bits.
ExtHashMask = (NumberOfBuckets * MaxBucketSize) - 1; ExtHashMask = (uint64_t)NumberOfBuckets * MaxBucketSize - 1;
} }
virtual ~ConcurrentHashTableByPtr() { virtual ~ConcurrentHashTableByPtr() {
// Deallocate buckets. // Deallocate buckets.
for (uint32_t Idx = 0; Idx < NumberOfBuckets; Idx++) { for (uint32_t Idx = 0; Idx < NumberOfBuckets; Idx++) {
delete[] BucketsArray[Idx].Hashes; delete[] BucketsArray[Idx].Hashes;
delete[] BucketsArray[Idx].Entries; delete[] BucketsArray[Idx].Entries;
} }
▲ Show 20 LinesShow All 236 LinesShow Last 20 Lines