Fix the internals of our hash functions to used unsigned values during hash
computation as the overflow behavior of signed integers is undefined.
In practice we require compiling everything with -fwrapv which forces overflow
to be defined as twos compliment but this keeps the code cleaner for checkers
or in the case where someone has compiled it without -fwrapv or their
compiler's equivalent.
Found by Clang trunk's Undefined Behavior Sanitizer (UBSan).
Cleanup only - no functionality or hash values change.
diff --git a/Objects/tupleobject.c b/Objects/tupleobject.c
index b345460..c725227 100644
--- a/Objects/tupleobject.c
+++ b/Objects/tupleobject.c
@@ -315,11 +315,11 @@
static Py_hash_t
tuplehash(PyTupleObject *v)
{
- register Py_hash_t x, y;
+ register Py_uhash_t x, y; /* Unsigned for defined overflow behavior. */
register Py_ssize_t len = Py_SIZE(v);
register PyObject **p;
- Py_hash_t mult = _PyHASH_MULTIPLIER;
- x = 0x345678L;
+ Py_uhash_t mult = _PyHASH_MULTIPLIER;
+ x = 0x345678UL;
p = v->ob_item;
while (--len >= 0) {
y = PyObject_Hash(*p++);
@@ -327,9 +327,9 @@
return -1;
x = (x ^ y) * mult;
/* the cast might truncate len; that doesn't change hash stability */
- mult += (Py_hash_t)(82520L + len + len);
+ mult += (Py_uhash_t)(82520UL + len + len);
}
- x += 97531L;
+ x += 97531UL;
if (x == -1)
x = -2;
return x;