From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS4713 221.184.0.0/13 X-Spam-Status: No, score=-3.0 required=3.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,SPF_PASS,T_DKIM_INVALID shortcircuit=no autolearn=ham autolearn_force=no version=3.4.0 Received: from neon.ruby-lang.org (neon.ruby-lang.org [221.186.184.75]) by dcvr.yhbt.net (Postfix) with ESMTP id 5BEE620357 for ; Sat, 15 Jul 2017 02:22:19 +0000 (UTC) Received: from neon.ruby-lang.org (localhost [IPv6:::1]) by neon.ruby-lang.org (Postfix) with ESMTP id 4409D1207CC; Sat, 15 Jul 2017 11:22:16 +0900 (JST) Received: from o1678948x4.outbound-mail.sendgrid.net (o1678948x4.outbound-mail.sendgrid.net [167.89.48.4]) by neon.ruby-lang.org (Postfix) with ESMTPS id AB88912068F for ; Sat, 15 Jul 2017 11:22:13 +0900 (JST) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=sendgrid.me; h=from:to:references:subject:mime-version:content-type:content-transfer-encoding:list-id; s=smtpapi; bh=czuhJUKSN4MPQVP9qexinQ9jQYE=; b=pcmI9+YEZqdGJHrY2Y wt1s9wOlkLjXM5KX5+D2F63HplsVJrBt7JsFYCCSp/lIPV1RnvmSclbce98HC0Um o98GFWY13+oUtAAnvWcrX7TpWg0ugxrKEy1GBNKboCcKVw+gHe+E8dfgSRaMyQIA SKTo3JfZBB+5qL0TbArS3btjk= Received: by filter0950p1mdw1.sendgrid.net with SMTP id filter0950p1mdw1-23468-59697C51-24 2017-07-15 02:22:09.381037732 +0000 UTC Received: from herokuapp.com (ec2-54-211-41-99.compute-1.amazonaws.com [54.211.41.99]) by ismtpd0002p1iad1.sendgrid.net (SG) with ESMTP id KytHjDGsQrirzQTZ0YaO6Q for ; Sat, 15 Jul 2017 02:22:09.318 +0000 (UTC) Date: Sat, 15 Jul 2017 02:22:10 +0000 (UTC) From: shyouhei@ruby-lang.org To: ruby-core@ruby-lang.org Message-ID: References: Mime-Version: 1.0 X-Redmine-MailingListIntegration-Message-Ids: 57108 X-Redmine-Project: ruby-trunk X-Redmine-Issue-Id: 13660 X-Redmine-Issue-Author: Eregon X-Redmine-Sender: shyouhei X-Mailer: Redmine X-Redmine-Host: bugs.ruby-lang.org X-Redmine-Site: Ruby Issue Tracking System X-Auto-Response-Suppress: All Auto-Submitted: auto-generated X-SG-EID: ync6xU2WACa70kv/Ymy4QrNMhiuLXJG8OTL2vJD1yS7AnK4EhtBrr9sa/axKVPTziHl/oumP3d88yI d0QB7sJ29kWqer1mWgXqkf0P/o+O0fYZCg03Kh4cTOFqOJQ8A37OVZ3kETGwj21b4qgxtHsTLD9nVH g1sLmEFOXqlHN4zCdUdtRav/OKhHVhDDccbjND1fgs0UrQxEmJpbUSF/3w== X-ML-Name: ruby-core X-Mail-Count: 82071 Subject: [ruby-core:82071] [Ruby trunk Bug#13660] rb_str_hash_m discards bits from the hash X-BeenThere: ruby-core@ruby-lang.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: Ruby developers List-Id: Ruby developers List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ruby-core-bounces@ruby-lang.org Sender: "ruby-core" Issue #13660 has been updated by shyouhei (Shyouhei Urabe). We looked at this issue at yesterday's developer meeting. The attendees agree that current behaviour is intentional. Because creating Bignums every time is too slow for this experiential hot spot, we want to avoid such thing and stick to Fixnum. If you (or other cryptography experts) have any concerns on information security by cutting bits of hash values, please tell us a bit more details about what's wrong. ---------------------------------------- Bug #13660: rb_str_hash_m discards bits from the hash https://bugs.ruby-lang.org/issues/13660#change-65803 * Author: Eregon (Benoit Daloze) * Status: Open * Priority: Normal * Assignee: * Target version: * ruby -v: ruby 2.3.3p222 (2016-11-21 revision 56859) [x64-mingw32] * Backport: 2.2: UNKNOWN, 2.3: UNKNOWN, 2.4: UNKNOWN ---------------------------------------- I believe rb_str_hash_m might discard some bits from the hash value in some situations. It computes the hash as a st_index_t, which is either a unsigned long or a unsigned long long. But the st_index_t value is converted to a VALUE with: #define ST2FIX(h) LONG2FIX((long)(h)) Note that for instance on x64-mingw32, SIZEOF_LONG is 4, but SIZEOF_LONG_LONG and SIZEOF_VOIDP are 8 bytes. So that truncates half the bits of the hash on such a platform if my understanding is correct. Even is SIZEOF_LONG is 8, LONG2FIX loses the MSB I think, given that not all long can fit the Fixnum range on MRI (should it be LONG2NUM?). Also, I am not sure if it is intended to cast from a unsigned value to a signed value. I tried many things while debugging the rb_str_hash spec on ruby/spec and eventually gave up. This computation looks wrong to me in MRI. For info, here is my debug code: https://github.com/eregon/rubyspec/blob/d62189450c0a56bfcd379e5e505ad097892d2bc7/optional/capi/string_spec.rb#L501-L518 https://github.com/eregon/rubyspec/blob/d62189450c0a56bfcd379e5e505ad097892d2bc7/optional/capi/ext/string_spec.c#L361-L381 and the build result on AppVeyor: https://ci.appveyor.com/project/eregon/spec-x948i/build/629 -- https://bugs.ruby-lang.org/