Signed error in command_log_reader.cc
Bug #437896 reported by
Brian Aker
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Drizzle |
Fix Released
|
Critical
|
Jay Pipes |
Bug Description
Hi!
From plugin/
uint32_t recalc_checksum= crc32(0, (const unsigned char *) checksum_
crc32 is defined in zlib.h as:
ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
There are several issues. length can be a larger value then what crc32 can take. Also, crc32 is returns a long, so on a 32bit platform it may be ok to receive the value but on 64bit...
I'd recommend pulling the crc implementation from libmemcached and using that (or possibly a different algo).
Cheers,
-Brian
Related branches
lp://staging/~jaypipes/drizzle/bug437896
- Drizzle Developers: Pending requested
-
Diff: 272 lines6 files modifieddrizzled/Makefile.am (+2/-0)
drizzled/crc32.cc (+87/-0)
drizzled/crc32.h (+13/-0)
plugin/command_log/command_log.cc (+17/-17)
plugin/command_log/command_log_reader.cc (+2/-2)
plugin/command_log/plugin.ini (+0/-1)
Changed in drizzle: | |
assignee: | nobody → Jay Pipes (jaypipes) |
importance: | Undecided → Critical |
milestone: | none → bell |
Changed in drizzle: | |
status: | New → Confirmed |
Changed in drizzle: | |
status: | In Progress → Fix Committed |
Changed in drizzle: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
> There are several issues. length can be a larger value then what crc32 can take.
Yes, agreed.
> Also, crc32 is returns a long, so on a 32bit platform it may be ok to receive the value but on 64bit...
> I'd recommend pulling the crc implementation from libmemcached and using that (or possibly a different algo).
Well, the one in libmemcached also returns a 32-bit unsigned integer...
uint32_t hash_crc32(const char *key, size_t key_length)
{
uint32_t x;
uint32_t crc= UINT32_MAX;
for (x= 0; x < key_length; x++)
crc= (crc >> 8) ^ crc32tab[(crc ^ (uint64_t)key[x]) & 0xff];
return ~crc;
}
But, as you can see, it handles lengths greater than 32 bits, though in a way that I am not sure is bitwise correct. It is cast-converting a char into a uint64_t and XORing that against an unsigned 32-bit integer, then ANDing it against the value of 255.
If this is what you want me to use, no problem. Please verify for me, though, that the above algorithm will indeed solve the bug. I *think* it does, but would like you to verify. Thanks!
jay