From d262033ded4c6a466ada474b813f31826d01e1e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johannes=20Fl=C3=BCgel?=
 <122094924+JohannesFluegelHighyag@users.noreply.github.com>
Date: Wed, 22 Mar 2023 19:16:32 +0100
Subject: [PATCH] Prevent overflow in hash function str2tag_core() (#1529)

* str2tag_core(): prevent overflow

* Update httplib.h

works for all sizes of unsigned int and if there exists a #define for max
---
 httplib.h | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/httplib.h b/httplib.h
index 1125f59..50c7709 100644
--- a/httplib.h
+++ b/httplib.h
@@ -2978,9 +2978,13 @@ inline void get_remote_ip_and_port(socket_t sock, std::string &ip, int &port) {
 
 inline constexpr unsigned int str2tag_core(const char *s, size_t l,
                                            unsigned int h) {
-  return (l == 0) ? h
-                  : str2tag_core(s + 1, l - 1,
-                                 (h * 33) ^ static_cast<unsigned char>(*s));
+  return (l == 0)
+             ? h
+             : str2tag_core(
+                   s + 1, l - 1,
+                   //unsets the 6 high bits of h, therefore no overflow happens
+                   (((std::numeric_limits<unsigned int>::max)() >> 6) & h * 33) ^
+                       static_cast<unsigned char>(*s));
 }
 
 inline unsigned int str2tag(const std::string &s) {