From: Nikita Popov Date: Wed, 19 Jun 2019 13:55:56 +0000 (+0200) Subject: Fix shift UB in hash_snefru X-Git-Tag: php-7.4.0alpha2~51^2~2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=555d68be1067d1757168ec8bbea032c68a13f0ec;p=php Fix shift UB in hash_snefru --- diff --git a/ext/hash/hash_snefru.c b/ext/hash/hash_snefru.c index 4bca34d6c3..867556acc5 100644 --- a/ext/hash/hash_snefru.c +++ b/ext/hash/hash_snefru.c @@ -123,8 +123,8 @@ static inline void SnefruTransform(PHP_SNEFRU_CTX *context, const unsigned char int i, j; for (i = 0, j = 0; i < 32; i += 4, ++j) { - context->state[8+j] = ((input[i] & 0xff) << 24) | ((input[i+1] & 0xff) << 16) | - ((input[i+2] & 0xff) << 8) | (input[i+3] & 0xff); + context->state[8+j] = ((unsigned)input[i] << 24) | ((unsigned)input[i+1] << 16) | + ((unsigned)input[i+2] << 8) | (unsigned)input[i+3]; } Snefru(context->state); ZEND_SECURE_ZERO(&context->state[8], sizeof(uint32_t) * 8);