Disable hash seeding for bootstrapped tools

thiagomacieira · The Qt Project · commit 5283a6c87bea · 2014-05-21T01:34:38.000+02:00
Any bootstrapped tool is a development tool, by definition. So the
effects of seeding the hash with a random number can cause the same
source input to produce different binary results, which can throw some
caching tools into disarray (like the Open Build System).

There should be minimal fall out from the reduced protection against
DoS. Since those are only development tools, "specially crafted" input
implies the developer is DoS'ing him/herself.

Note: the change to qhash.cpp applies to moc and rcc, which are always
bootstrapped.

Change-Id: I061ab52036e40627c0703f1bf881455cbf848f43
Reviewed-by: Oswald Buddenhagen &lt;oswald.buddenhagen@digia.com&gt;
Reviewed-by: hjk &lt;hjk121@nokiamail.com&gt;
diff --git a/src/corelib/tools/qhash.cpp b/src/corelib/tools/qhash.cpp
@@ -222,12 +222,13 @@ uint qHash(QLatin1String key, uint seed) Q_DECL_NOTHROW
 */
 static uint qt_create_qhash_seed()
 {
+    uint seed = 0;
+
+#ifndef QT_BOOTSTRAPPED
     QByteArray envSeed = qgetenv("QT_HASH_SEED");
     if (!envSeed.isNull())
         return envSeed.toUInt();
 
-    uint seed = 0;
-
 #ifdef Q_OS_UNIX
     int randomfd = qt_safe_open("/dev/urandom", O_RDONLY);
     if (randomfd == -1)
@@ -254,17 +255,16 @@ static uint qt_create_qhash_seed()
     seed ^= timestamp;
     seed ^= (timestamp >> 32);
 
-#ifndef QT_BOOTSTRAPPED
     quint64 pid = QCoreApplication::applicationPid();
     seed ^= pid;
     seed ^= (pid >> 32);
-#endif // QT_BOOTSTRAPPED
 
     quintptr seedPtr = reinterpret_cast<quintptr>(&seed);
     seed ^= seedPtr;
 #if QT_POINTER_SIZE == 8
     seed ^= (seedPtr >> 32);
 #endif
+#endif // QT_BOOTSTRAPPED
 
     return seed;
 }
diff --git a/src/tools/qdoc/main.cpp b/src/tools/qdoc/main.cpp
@@ -542,13 +542,15 @@ static void processQdocconfFile(const QString &fileName)
     Generator::debugSegfault("qdoc finished!");
 }
 
+extern Q_CORE_EXPORT QBasicAtomicInt qt_qhash_seed;
 QT_END_NAMESPACE
 
 int main(int argc, char **argv)
 {
     QT_USE_NAMESPACE
 
 #ifndef QT_BOOTSTRAPPED
+    qt_qhash_seed.testAndSetRelaxed(-1, 0); // set the hash seed to 0 if it wasn't set yet
     QCoreApplication app(argc, argv);
 #endif
 
diff --git a/src/tools/uic/main.cpp b/src/tools/uic/main.cpp
@@ -52,9 +52,12 @@
 #include <qcommandlineparser.h>
 
 QT_BEGIN_NAMESPACE
+extern Q_CORE_EXPORT QBasicAtomicInt qt_qhash_seed;
 
 int runUic(int argc, char *argv[])
 {
+    qt_qhash_seed.testAndSetRelaxed(-1, 0); // set the hash seed to 0 if it wasn't set yet
+
     QCoreApplication app(argc, argv);
     QCoreApplication::setApplicationVersion(QString::fromLatin1(QT_VERSION_STR));
 

Original file line number	Diff line number	Diff line change
`@@ -542,13 +542,15 @@ static void processQdocconfFile(const QString &fileName)`
`542`	`542`	`Generator::debugSegfault("qdoc finished!");`
`543`	`543`	`}`
`544`	`544`
	`545`	`+extern Q_CORE_EXPORT QBasicAtomicInt qt_qhash_seed;`
`545`	`546`	`QT_END_NAMESPACE`
`546`	`547`
`547`	`548`	`int main(int argc, char **argv)`
`548`	`549`	`{`
`549`	`550`	`QT_USE_NAMESPACE`
`550`	`551`
`551`	`552`	`#ifndef QT_BOOTSTRAPPED`
	`553`	`+ qt_qhash_seed.testAndSetRelaxed(-1, 0); // set the hash seed to 0 if it wasn't set yet`
`552`	`554`	`QCoreApplication app(argc, argv);`
`553`	`555`	`#endif`
`554`	`556`