You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by mi...@apache.org on 2014/06/20 05:16:13 UTC
[03/10] git commit: Handle possible integer overflow in
FastByteArrayOutputStream.
Handle possible integer overflow in FastByteArrayOutputStream.
patch by Mikhail Stepura; reviewed by Jonathan Ellis for CASSANDRA-7373
Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/cccdcb5d
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/cccdcb5d
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/cccdcb5d
Branch: refs/heads/cassandra-2.1
Commit: cccdcb5da9f31b20b7b29a8183434f447f7dd523
Parents: ba103eb
Author: Mikhail Stepura <mi...@apache.org>
Authored: Wed Jun 11 15:21:15 2014 -0700
Committer: Mikhail Stepura <mi...@apache.org>
Committed: Fri Jun 20 14:12:54 2014 +1100
----------------------------------------------------------------------
CHANGES.txt | 1 +
.../apache/cassandra/io/util/FastByteArrayOutputStream.java | 7 +++++--
2 files changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cassandra/blob/cccdcb5d/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 49afb06..186b4a1 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
1.2.17
+ * Handle possible integer overflow in FastByteArrayOutputStream (CASSANDRA-7373)
* cqlsh: 'ascii' values weren't formatted as text (CASSANDRA-7407)
* cqlsh: ignore .cassandra permission errors (CASSANDRA-7266)
* Errors in FlushRunnable may leave threads hung (CASSANDRA-7275)
http://git-wip-us.apache.org/repos/asf/cassandra/blob/cccdcb5d/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java b/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java
index 0e95610..60cc64a 100644
--- a/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java
+++ b/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java
@@ -101,7 +101,9 @@ public class FastByteArrayOutputStream extends OutputStream {
return;
}
- byte[] newbuf = new byte[(count + i) * 2];
+ long expectedExtent = (count + i) * 2L; //long to deal with possible int overflow
+ int newSize = (int) Math.min(Integer.MAX_VALUE - 8, expectedExtent); // MAX_ARRAY_SIZE
+ byte[] newbuf = new byte[newSize];
System.arraycopy(buf, 0, newbuf, 0, count);
buf = newbuf;
}
@@ -209,7 +211,8 @@ public class FastByteArrayOutputStream extends OutputStream {
public void write(byte[] buffer, int offset, int len) {
// avoid int overflow
if (offset < 0 || offset > buffer.length || len < 0
- || len > buffer.length - offset) {
+ || len > buffer.length - offset
+ || this.count + len < 0) {
throw new IndexOutOfBoundsException();
}
if (len == 0) {