You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by mi...@apache.org on 2014/06/20 05:16:13 UTC

[03/10] git commit: Handle possible integer overflow in FastByteArrayOutputStream.

Handle possible integer overflow in FastByteArrayOutputStream.

patch by Mikhail Stepura; reviewed by Jonathan Ellis for CASSANDRA-7373


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/cccdcb5d
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/cccdcb5d
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/cccdcb5d

Branch: refs/heads/cassandra-2.1
Commit: cccdcb5da9f31b20b7b29a8183434f447f7dd523
Parents: ba103eb
Author: Mikhail Stepura <mi...@apache.org>
Authored: Wed Jun 11 15:21:15 2014 -0700
Committer: Mikhail Stepura <mi...@apache.org>
Committed: Fri Jun 20 14:12:54 2014 +1100

----------------------------------------------------------------------
 CHANGES.txt                                                   | 1 +
 .../apache/cassandra/io/util/FastByteArrayOutputStream.java   | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/cccdcb5d/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 49afb06..186b4a1 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 1.2.17
+ * Handle possible integer overflow in FastByteArrayOutputStream (CASSANDRA-7373)
  * cqlsh: 'ascii' values weren't formatted as text (CASSANDRA-7407)
  * cqlsh: ignore .cassandra permission errors (CASSANDRA-7266)
  * Errors in FlushRunnable may leave threads hung (CASSANDRA-7275)

http://git-wip-us.apache.org/repos/asf/cassandra/blob/cccdcb5d/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java b/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java
index 0e95610..60cc64a 100644
--- a/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java
+++ b/src/java/org/apache/cassandra/io/util/FastByteArrayOutputStream.java
@@ -101,7 +101,9 @@ public class FastByteArrayOutputStream extends OutputStream {
             return;
         }
 
-        byte[] newbuf = new byte[(count + i) * 2];
+        long expectedExtent = (count + i) * 2L; //long to deal with possible int overflow
+        int newSize = (int) Math.min(Integer.MAX_VALUE - 8, expectedExtent); // MAX_ARRAY_SIZE
+        byte[] newbuf = new byte[newSize];
         System.arraycopy(buf, 0, newbuf, 0, count);
         buf = newbuf;
     }
@@ -209,7 +211,8 @@ public class FastByteArrayOutputStream extends OutputStream {
     public void write(byte[] buffer, int offset, int len) {
         // avoid int overflow
         if (offset < 0 || offset > buffer.length || len < 0
-                || len > buffer.length - offset) {
+                || len > buffer.length - offset
+                || this.count + len < 0) {
             throw new IndexOutOfBoundsException();
         }
         if (len == 0) {