Stop relying on qHash always giving the same results

The implementation of the various qHash overloads offered by
Qt can change at any time for any reason
(speed, quality, security, ...).

Therefore, relying on the fact that qHash will always give
an identical result across Qt versions (... across different
processes, etc.), given identical input, is wrong.
Note that this also implies that one cannot rely on QHash
having a stable ordering (even without the random qHash seed).

For such use cases, one must use f.i. a private hash function
that will never change outside his own control.

This patch adds a private hash function for QStrings,
which is identical to the Qt(4) qHash(QString) implementation.
A couple of spots in Qt where the results of a qHash call were
actually saved on disk are ported to use the new function,
and a bit of documentation is added to QHash docs.

Change-Id: Ia3731ea26ac68649b535b95e9f36fbec3df693c8
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Robin Burchell <robin+qt@viroteck.net>
Giuseppe D'Angelo 2012-03-22 09:32:03 +00:00 committed by Qt by Nokia
parent ea17c21fd8
commit ddb70bee2f
6 changed files with 36 additions and 5 deletions

@ -673,7 +673,7 @@ int QResourceRoot::findNode(const QString &_path, const QLocale &locale) const
qDebug() << " " << child+j << " :: " << name(child+j);
}
#endif
const uint h = qHash(segment);
const uint h = qt_hash(segment.toString());
//do the binary search for the hash
int l = 0, r = child_count-1;
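
Review bot: the new call `qt_hash(segment.toString())` builds a temporary QString for every path segment looked up in findNode, where the old `qHash(segment)` hashed the segment directly. Consider a qt_hash overload that accepts the segment's own type (or a QChar pointer plus length) so that resource lookups do not allocate on each step of the path walk.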

@ -50,7 +50,7 @@ QT_BEGIN_NAMESPACE
static bool containsTLDEntry(const QString &entry)
{
int index = qHash(entry) % tldCount;
int index = qt_hash(entry) % tldCount;
int currentDomainIndex = tldIndices[index];
while (currentDomainIndex < tldIndices[index+1]) {
QString currentEntry = QString::fromUtf8(tldData + currentDomainIndex);
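
Review bot: `qt_hash(entry) % tldCount` only lands on the right bucket if tldIndices was generated with the same function, and nothing at this call site says so. A one-line comment above the index computation, naming the generator tool and stating that both sides must use qt_hash, would keep a later cleanup from switching this back to qHash.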

@ -222,6 +222,31 @@ static void qt_initialize_qhash_seed()
}
}
/*!
\internal
Private copy of the implementation of the Qt 4 qHash algorithm for strings,
to be used wherever the result is somehow stored or reused across multiple
Qt versions. The public qHash implementation can change at any time,
therefore one must not rely on the fact that it will always give the same
results.
This function must *never* change its results.
*/
uint qt_hash(const QString &key)
{
const QChar *p = key.unicode();
int n = key.size();
uint h = 0;
while (n--) {
h = (h << 4) + (*p++).unicode();
h ^= (h & 0xf0000000) >> 23;
h &= 0x0fffffff;
}
return h;
}
/*
The prime_deltas array is a table of selected prime values, even
though it doesn't look like one. The primes we are using are 1,
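
Review bot: the doc comment on qt_hash says the function must never change its results, but nothing in this hunk enforces that. An autotest that pins the return value for a few fixed strings (empty, ASCII, non-ASCII) would catch an accidental edit to the shift or mask constants. It would also help to state in the comment that `h &= 0x0fffffff` confines the result to 28 bits, since callers store it in an int and write it to disk.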
@ -817,6 +842,11 @@ void QHashData::checkSanity()
XOR'ed this with the day they were born to help produce unique
hashes for people with the same name.
Note that the implementation of the qHash() overloads offered by Qt
may change at any time. You \b{must not} rely on the fact that qHash()
will give the same results (for the same inputs) across different Qt
versions.
\section2 Algorithmic complexity attacks
All hash tables are vulnerable to a particular class of denial of service
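
Review bot: the added documentation paragraph warns only about different Qt versions, while the commit message also rules out relying on identical results across processes and on a stable QHash ordering. Suggest extending the note to cover both cases and to say what to do instead: use a hash function under the caller's own control whenever the value is stored or exchanged.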

@ -89,6 +89,7 @@ Q_CORE_EXPORT uint qHash(const QString &key, uint seed = 0);
Q_CORE_EXPORT uint qHash(const QStringRef &key, uint seed = 0);
Q_CORE_EXPORT uint qHash(const QBitArray &key, uint seed = 0);
Q_CORE_EXPORT uint qHash(const QLatin1String &key, uint seed = 0);
Q_CORE_EXPORT uint qt_hash(const QString &key);
#if defined(Q_CC_MSVC)
#pragma warning( push )
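
Review bot: `Q_CORE_EXPORT uint qt_hash(const QString &key);` sits among the public qHash overloads with nothing marking it as private, although its definition is documented as \internal. Add a comment here stating that it is not public API, or move the declaration to a private header, so that external code does not start depending on it.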

@ -296,7 +296,7 @@ qint64 RCCFileInfo::writeDataName(RCCResourceLibrary &lib, qint64 offset)
offset += 2;
// write the hash
lib.writeNumber4(qHash(m_name));
lib.writeNumber4(qt_hash(m_name));
if (text)
lib.writeString("\n ");
offset += 4;
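
Review bot: the value passed to `lib.writeNumber4(...)` is now part of the stored resource format, yet the comment `// write the hash` does not say which hash. Extend the comment to state that it must be qt_hash and must match the value computed at lookup time in QResourceRoot::findNode.
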
@ -880,7 +880,7 @@ bool RCCResourceLibrary::writeDataNames()
static bool qt_rcc_compare_hash(const RCCFileInfo *left, const RCCFileInfo *right)
{
return qHash(left->m_name) < qHash(right->m_name);
return qt_hash(left->m_name) < qt_hash(right->m_name);
}
bool RCCResourceLibrary::writeDataStructure()
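
Review bot: `qt_rcc_compare_hash` orders entries by hash alone, so two names with equal qt_hash values compare as equivalent and their relative order is left to the sort algorithm. If reproducible rcc output matters, add a tie-break on m_name. A comment that this ordering has to agree with the binary search on the hash in findNode would also help.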

@ -103,7 +103,7 @@ int main(int argc, char **argv) {
while (!file.atEnd()) {
QString s = QString::fromUtf8(file.readLine());
QString st = s.trimmed();
int num = qHash(st) % lineCount;
int num = qt_hash(st) % lineCount;
QString utf8String = utf8encode(st.toUtf8());