这是indexloc提供的服务,不要输入任何密码
Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: abseil/abseil-cpp
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 20240722.0
Choose a base ref
...
head repository: abseil/abseil-cpp
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: lts_2024_07_22
Choose a head ref
  • 1 commit
  • 4 files changed
  • 1 contributor

Commits on Jan 23, 2025

  1. Fix potential integer overflow in hash container create/resize (#1811) 

    The sized constructors, reserve(), and rehash() methods of
absl::{flat,node}_hash_{set,map} did not impose an upper bound on
their size argument. As a result, it was possible for a caller to pass
a very large size that would cause an integer overflow when computing
the size of the container's backing store. Subsequent accesses to the
container might then access out-of-bounds memory.

The fix is in two parts:

1) Update max_size() to return the maximum number of items that can be
stored in the container

2) Validate the size arguments to the constructors, reserve(), and
rehash() methods, and abort the program when the argument is invalid

We've looked at uses of these containers in Google codebases like
Chrome, and determined this vulnerability is likely to be difficult to
exploit. This is primarily because container sizes are rarely
attacker-controlled.

The bug was discovered by Dmitry Vyukov <dvyukov@google.com>.
    @derekmauro
    derekmauro authored Jan 23, 2025
    Configuration menu
    Copy the full SHA
    dd4c89b View commit details
    Browse the repository at this point in the history
Loading