| author | David Lamparter <equinox@opensourcerouting.org> | 2023-09-19 21:03:24 +0200 | 
|---|---|---|
| committer | David Lamparter <equinox@opensourcerouting.org> | 2023-09-19 21:09:17 +0200 | 
| commit | e7737c89eb9ef5677a3b21141b6f8eb1e47c958e (patch) | |
| tree | 840ae9b937be99c0a0f90588a23e9dddd6f4ea1a | |
| parent | e7f0bbb1980660bdcf4595e88b60eadd41a0a172 (diff) | |
lib: constrain hash table "tabshift" both ways

The previous change to assume() did address the coverity warning about
one direction of the shift in HASH_KEY, let's constrain the other in
HASH_SIZE as well.

To be fair, the hash table *will* break at 1G entries, but at that point
we have other problems RAM-wise.  (Could bump the thing to 64-bit, but
then we need better item hash functions too on every single user.)

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>

| -rw-r--r-- | lib/typesafe.h | 9 | 
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/typesafe.h b/lib/typesafe.h index a84298b062..93258c5954 100644 --- a/lib/typesafe.h +++ b/lib/typesafe.h @@ -795,13 +795,16 @@ struct thash_head {  	uint8_t minshift, maxshift;  }; -#define _HASH_SIZE(tabshift) \ -	((1U << (tabshift)) >> 1) +#define _HASH_SIZE(tabshift)                                                   \ +	({                                                                     \ +		assume((tabshift) <= 31);                                      \ +		(1U << (tabshift)) >> 1;                                       \ +	})  #define HASH_SIZE(head) \  	_HASH_SIZE((head).tabshift)  #define _HASH_KEY(tabshift, val)                                               \  	({                                                                     \ -		assume((tabshift) >= 2 && (tabshift) <= 33);                   \ +		assume((tabshift) >= 2 && (tabshift) <= 31);                   \  		(val) >> (33 - (tabshift));                                    \  	})  #define HASH_KEY(head, val) \  | 
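
Review bot: The upper bound in _HASH_SIZE and _HASH_KEY is the bare literal 31, repeated in two separate assume() calls with no comment saying where it comes from. A shared named constant, or a one-line comment tying the limit to the 32-bit `1U << (tabshift)`, would keep the two macros in step; before this change _HASH_KEY accepted values up to 33 while the shift in _HASH_SIZE is only defined up to 31. The bounds are also asymmetric: _HASH_KEY requires `(tabshift) >= 2` while _HASH_SIZE accepts 0 and 1, and if that is intentional it deserves a comment. Separately, _HASH_SIZE is now a `({ ... })` statement expression, so it can no longer be used where a constant expression is required or outside a function body; it is worth confirming no user of HASH_SIZE depends on that. Nothing in this hunk checks the `uint8_t minshift, maxshift` fields of struct thash_head against the new limit, so a maxshift above 31 would still reach these macros unless it is rejected elsewhere.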
