author: Giuseppe D'Angelo <dangelog@gmail.com> 2012-03-22 09:32:03 +0000
committer: Qt by Nokia <qt-info@nokia.com> 2012-04-08 21:44:26 +0200
commit: ddb70bee2fd323ddc4273aec5d40d975f50d2904
tree: 660da583fa2dfc58436fb77c719ace9708da33f9 /src/corelib/tools/qhash.cpp
parent: ea17c21fd8b93a94027fad7d3827904ae96e2a3b
Stop relying on qHash always giving the same results

The implementation of the various qHash overloads offered by Qt can change at any time for any reason (speed, quality, security, ...). Therefore, relying on the fact that qHash will always give an identical result across Qt versions (... across different processes, etc.), given identical input, is wrong. Note that this also implies that one cannot rely on QHash having a stable ordering (even without the random qHash seed).

For such use cases, one must use f.i. a private hash function that will never change outside his own control.

This patch adds a private hash function for QStrings, which is identical to the Qt(4) qHash(QString) implementation. A couple of spots in Qt where the results of a qHash call were actually saved on disk are ported to use the new function, and a bit of documentation is added to QHash docs.

Change-Id: Ia3731ea26ac68649b535b95e9f36fbec3df693c8
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Robin Burchell <robin+qt@viroteck.net>
Diffstat (limited to 'src/corelib/tools/qhash.cpp')
-rw-r--r-- src/corelib/tools/qhash.cpp 30
1 files changed, 30 insertions, 0 deletions
diff --git a/src/corelib/tools/qhash.cpp b/src/corelib/tools/qhash.cpp
index 6119c945fe..ce7d4ad098 100644
--- a/src/corelib/tools/qhash.cpp
+++ b/src/corelib/tools/qhash.cpp
@@ -222,6 +222,31 @@ static void qt_initialize_qhash_seed()
}
}
+/*!
+ \internal
+
+ Private copy of the implementation of the Qt 4 qHash algorithm for strings,
+ to be used wherever the result is somehow stored or reused across multiple
+ Qt versions. The public qHash implementation can change at any time,
+ therefore one must not rely on the fact that it will always give the same
+ results.
+
+ This function must *never* change its results.
+*/
+uint qt_hash(const QString &key)
+{
+ const QChar *p = key.unicode();
+ int n = key.size();
+ uint h = 0;
+
+ while (n--) {
+ h = (h << 4) + (*p++).unicode();
+ h ^= (h & 0xf0000000) >> 23;
+ h &= 0x0fffffff;
+ }
+ return h;
+}
+
/*
The prime_deltas array is a table of selected prime values, even
though it doesn't look like one. The primes we are using are 1,
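Review bot: The \internal comment on qt_hash() states that the results must never change but does not say what the function is unsuitable for. The loop takes no seed and ends each round with h &= 0x0fffffff, so every string maps to one fixed value no larger than 0x0fffffff. Suggest adding to the comment that qt_hash() is only for values that are stored or compared across Qt versions, that it is not a replacement for the seeded qHash() when bucketing keys in a QHash, and that callers get at most 28 significant bits. A test that pins a few fixed input/output pairs would also turn "must never change" from an advisory line into something a later edit cannot break silently.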
@@ -817,6 +842,11 @@ void QHashData::checkSanity()
XOR'ed this with the day they were born to help produce unique
hashes for people with the same name.
+ Note that the implementation of the qHash() overloads offered by Qt
+ may change at any time. You \b{must not} rely on the fact that qHash()
+ will give the same results (for the same inputs) across different Qt
+ versions.
+
\section2 Algorithmic complexity attacks
All hash tables are vulnerable to a particular class of denial of service
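Review bot: The added paragraph in the QHash docs limits the warning to "across different Qt versions", which is narrower than what the commit message says. The message also names different processes and the lack of a stable QHash ordering, and both are consequences a reader of the public docs is more likely to trip over than a version upgrade. Suggest extending the note to say that qHash() results and QHash iteration order must not be stored on disk or compared between processes either, and that code needing a persistent value should use its own fixed hash function.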