Interesting Things
String#hashdoes not always produce the same hash on different machines and/or different architectures. Don’t use the hash of a string across machines to identify it.Nginx has released a security patch to fix a remote execution security vulnerability.
Here’s the code at revision 24934 ( Tue Sep 15 05:27:29 2009 UTC ); search for “hash”.
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/trunk/string.c?revision=24934&view=markup
( It uses “Murmurhash”, http://murmurhash.googlepages.com )
This snippet seems to cause what you are describing:
st_index_t
rb_hash_start(st_index_t h)
{
static int hashseed_init = 0;
static VALUE hashseed;
if (!hashseed_init) {
hashseed = rb_genrand_int32();
#if SIZEOF_VALUE*CHAR_BIT > 4*8
hashseed < <= 4*8;
hashseed |= rb_genrand_int32();
#endif
#if SIZEOF_VALUE*CHAR_BIT > 8*8
hashseed < <= 8*8;
hashseed |= rb_genrand_int32();
#endif
#if SIZEOF_VALUE*CHAR_BIT > 12*8
hashseed <<= 12*8;
hashseed |= rb_genrand_int32();
#endif
hashseed_init = 1;
}
Not quite sure.
Stephan
September 15, 2009 at 1:18 pm
Sorry, that comment doesn’t come out well. I guess I wasn’t aware of your blog software’s formatting function.
S
September 15, 2009 at 1:20 pm