Problem/Motivation

A few places in core use crc32 for non-cryptographic hashing.

PHP's crc32() produces a signed int, which means it is not portable between 32 and 64 bit platforms. http://php.net/manual/en/function.crc32.php

Proposed resolution

Use hash('crc32b') instead.

Remaining tasks

User interface changes

API changes

Data model changes

CommentFileSizeAuthor
#2 2546680_crc32.patch2.38 KBcatch
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

catch created an issue. See original summary.

catch’s picture

Status: Active » Needs review
FileSize
2.38 KB
longwave’s picture

Status: Needs review » Reviewed & tested by the community

DrupalKernel already uses hash('crc32b'), this fixes the other three instances to match.

Wim Leers’s picture

Wow, I had no idea PHP had such 32 vs. 64 bit distinctions! This would've lead to very, very, very hard-to-track-down bugs. Un-RTBC'd #2542830: Change placeholder token generation from using sha1 to crc32b to fix it there too.

alexpott’s picture

Status: Reviewed & tested by the community » Fixed

This issue addresses a major bug and is allowed per https://www.drupal.org/core/beta-changes. Committed 3f1ba54 and pushed to 8.0.x. Thanks!

  • alexpott committed 3f1ba54 on 8.0.x
    Issue #2546680 by catch: Use hash('crc32b') not crc32()
    

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.