> From: Bruce Richardson [mailto:[email protected]]
> Sent: Friday, 20 February 2026 15.40
>
> When computing the offset inside the overall hash structure by adding
> an
> offset to a base pointer, the offset was generally calculated by
> multiplying two 32-bit values, which could then overflow. Prevent
> overflow by using (uintptr_t) casts on the elements being multiplied to
> ensure they are 64-bit on 64-bit systems.
>
> Fixes: b26473ff8f4a ("hash: add reset function")
> Fixes: 406da3dfb3b5 ("hash: move duplicated code into functions")
> Fixes: 9eca8bd7a61c ("hash: separate lock-free and r/w lock lookup")
> Fixes: 4d9ca3ed2133 ("hash: use ordered loads only if signature
> matches")
> Fixes: 769b2de7fb52 ("hash: implement RCU resources reclamation")
> Fixes: e605a1d36ca7 ("hash: add lock-free r/w concurrency")
> Fixes: 6dc34e0afe7a ("hash: retrieve a key given its position")
> Fixes: f9edbc9bb6bc ("hash: add iterate function")
> Fixes: 75706568a7eb ("hash: add extendable bucket feature")
> Cc: [email protected]
>
> Signed-off-by: Bruce Richardson <[email protected]>
> ---
> lib/hash/rte_cuckoo_hash.c | 36 ++++++++++++++++++------------------
> 1 file changed, 18 insertions(+), 18 deletions(-)
>
> diff --git a/lib/hash/rte_cuckoo_hash.c b/lib/hash/rte_cuckoo_hash.c
> index da12825c6e..f2478d5286 100644
> --- a/lib/hash/rte_cuckoo_hash.c
> +++ b/lib/hash/rte_cuckoo_hash.c
> @@ -705,7 +705,7 @@ rte_hash_reset(struct rte_hash *h)
> }
>
> memset(h->buckets, 0, h->num_buckets * sizeof(struct
> rte_hash_bucket));
> - memset(h->key_store, 0, h->key_entry_size * (h->entries + 1));
> + memset(h->key_store, 0, (size_t)h->key_entry_size * (h->entries +
> 1));
Agree.
> *h->tbl_chng_cnt = 0;
>
> /* reset the free ring */
> @@ -774,7 +774,7 @@ search_and_update(const struct rte_hash *h, void
> *data, const void *key,
> for (i = 0; i < RTE_HASH_BUCKET_ENTRIES; i++) {
> if (bkt->sig_current[i] == sig) {
> k = (struct rte_hash_key *) ((char *)keys +
> - bkt->key_idx[i] * h->key_entry_size);
> + (uintptr_t)bkt->key_idx[i] * h-
> >key_entry_size);
The fix is technically correct.
However, for source code readability purposes:
Please don't cast bkt->key_idx[i] (and similar below) to uintptr_t; it's not a
pointer type.
It might be reasonable casting it to ptrdiff_t, but I'm not sure about that.
The natural type for h->key_entry_size is size_t; it's only smaller to save
memory or something.
So, please cast the type that naturally would be wider, i.e. use:
(size_t)h->key_entry_size
PS: If you change the casting as suggested, remember to update the patch
description accordingly.
With or without above suggestion for readability,
Acked-by: Morten Brørup <[email protected]>
