Posted to dev@uima.apache.org by "songwanging (JIRA)" <de...@uima.apache.org> on 2017/12/08 19:48:00 UTC
[jira] [Updated] (UIMA-5667) Potential Integer Overflow
[ https://issues.apache.org/jira/browse/UIMA-5667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
songwanging updated UIMA-5667:
------------------------------
Description:
Our tool DeepTect has detected several potential integer overflow bugs:
Path: uima-ducc/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/ProcessManagerComponent.java
{code:java}
private long normalizeMemory(String processMemoryAssignment, MemoryUnits units) {
    // Get user defined memory assignment for the JP
    long normalizedProcessMemoryRequirements =
        Long.parseLong(processMemoryAssignment);
    // Normalize memory requirements for JPs into Gigs
    if ( units.equals(MemoryUnits.KB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/(1024*1024);
    } else if ( units.equals(MemoryUnits.MB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/1024;
    } else if ( units.equals(MemoryUnits.GB ) ) {
        // already normalized
    } else if ( units.equals(MemoryUnits.TB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements*1024;
    }
    return normalizedProcessMemoryRequirements;
}
private int getShares(long normalizedProcessMemoryRequirements ) {
    int shares = (int)normalizedProcessMemoryRequirements/shareQuantum; // get number of shares
    if ( (normalizedProcessMemoryRequirements % shareQuantum) > 0 ) shares++; // ceil
    return shares;
}
{code}
In the above code snippet, "normalizedProcessMemoryRequirements" is a long variable; if it is super large, directly casting "normalizedProcessMemoryRequirements" into integer (as used in the above code snippet) will definitely lead to a potential integer overflow.
was:
Our tool DeepTect has detected several potential integer overflow bugs:
Path: uima-ducc/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/ProcessManagerComponent.java
{code:java}
private long normalizeMemory(String processMemoryAssignment, MemoryUnits units) {
    // Get user defined memory assignment for the JP
    long normalizedProcessMemoryRequirements =
        Long.parseLong(processMemoryAssignment);
    // Normalize memory requirements for JPs into Gigs
    if ( units.equals(MemoryUnits.KB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/(1024*1024);
    } else if ( units.equals(MemoryUnits.MB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/1024;
    } else if ( units.equals(MemoryUnits.GB ) ) {
        // already normalized
    } else if ( units.equals(MemoryUnits.TB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements*1024;
    }
    return normalizedProcessMemoryRequirements;
}
private int getShares(long normalizedProcessMemoryRequirements ) {
    int shares = (int)normalizedProcessMemoryRequirements/shareQuantum; // get number of shares
    if ( (normalizedProcessMemoryRequirements % shareQuantum) > 0 ) shares++; // ceil
    return shares;
}
{code}
In the above code snippet, "normalizedProcessMemoryRequirements" is a long variable; if it is super large, directly casting "normalizedProcessMemoryRequirements" into integer will definitely lead to a potential integer overflow.
> Potential Integer Overflow
> --------------------------
>
> Key: UIMA-5667
> URL: https://issues.apache.org/jira/browse/UIMA-5667
> Project: UIMA
> Issue Type: Bug
> Components: DUCC
> Affects Versions: 2.10.2SDK
> Reporter: songwanging
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
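
An added example (not DUCC code and not part of the report) that puts the reported arithmetic next to a checked version, using constructed inputs. `MemoryUnits` is a local stand-in for the project's enum, and `SHARE_QUANTUM = 15` is an assumed value because the report does not show `shareQuantum`.

```java
// Added example, not project code: the reported narrowing casts beside a checked alternative.
public class MemoryNormalizeDemo {
    enum MemoryUnits { KB, MB, GB, TB }   // local stand-in for the project's enum
    static final int SHARE_QUANTUM = 15;  // assumed value; not shown in the report

    // Same arithmetic as the reported code. In Java the cast binds tighter than
    // / and *, so the long is truncated to 32 bits before the operator is applied,
    // and the TB branch multiplies in int, which can wrap a second time.
    static long normalizeAsReported(long value, MemoryUnits units) {
        switch (units) {
            case KB: return (int) value / (1024 * 1024);
            case MB: return (int) value / 1024;
            case TB: return (int) value * 1024;
            default: return value;            // GB: already normalized
        }
    }

    // Checked version: stay in long arithmetic and throw instead of wrapping.
    static long normalizeChecked(long value, MemoryUnits units) {
        if (value < 0) throw new IllegalArgumentException("negative memory size: " + value);
        switch (units) {
            case KB: return value / (1024L * 1024L);
            case MB: return value / 1024L;
            case TB: return Math.multiplyExact(value, 1024L); // ArithmeticException on overflow
            default: return value;
        }
    }

    // Ceiling division in long; Math.toIntExact throws if the share count does not fit an int.
    static int getSharesChecked(long normalizedGb) {
        long shares = normalizedGb / SHARE_QUANTUM;
        if (normalizedGb % SHARE_QUANTUM > 0) shares++;
        return Math.toIntExact(shares);
    }

    public static void main(String[] args) {
        long kb = 8L * 1024 * 1024 * 1024; // constructed: 2^33 KB (8 TB), low 32 bits all zero
        long tb = 4L * 1024 * 1024;        // constructed: 2^22 TB, fits an int before the multiply
        System.out.println("reported KB->GB: " + normalizeAsReported(kb, MemoryUnits.KB));
        System.out.println("checked  KB->GB: " + normalizeChecked(kb, MemoryUnits.KB));
        System.out.println("reported TB->GB: " + normalizeAsReported(tb, MemoryUnits.TB));
        System.out.println("checked  TB->GB: " + normalizeChecked(tb, MemoryUnits.TB));
        System.out.println("shares (checked): " + getSharesChecked(normalizeChecked(tb, MemoryUnits.TB)));
    }
}
```

Running `main` shows the reported and checked results diverging for both inputs: the KB case loses the value at the cast, and the TB case loses it in the `int` multiplication that follows the cast.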
Re: [jira] [Updated] (UIMA-5667) Potential Integer Overflow
Posted by Jaroslaw Cwiklik <cw...@apache.org>.
Hi, thanks for bringing this up. I will address this issue soon.
Jerry