Posted to dev@uima.apache.org by "songwanging (JIRA)" <de...@uima.apache.org> on 2017/12/08 19:47:00 UTC
[jira] [Created] (UIMA-5667) Potential Integer Overflow
songwanging created UIMA-5667:
---------------------------------
Summary: Potential Integer Overflow
Key: UIMA-5667
URL: https://issues.apache.org/jira/browse/UIMA-5667
Project: UIMA
Issue Type: Bug
Components: DUCC
Affects Versions: 2.10.2SDK
Reporter: songwanging
Our tool DeepTect has detected several potential integer overflow bugs:
Path: uima-ducc/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/ProcessManagerComponent.java
{code:java}
private long normalizeMemory(String processMemoryAssignment, MemoryUnits units) {
    // Get user defined memory assignment for the JP
    long normalizedProcessMemoryRequirements =
        Long.parseLong(processMemoryAssignment);
    // Normalize memory requirements for JPs into Gigs
    if ( units.equals(MemoryUnits.KB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/(1024*1024);
    } else if ( units.equals(MemoryUnits.MB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/1024;
    } else if ( units.equals(MemoryUnits.GB ) ) {
        // already normalized
    } else if ( units.equals(MemoryUnits.TB ) ) {
        normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements*1024;
    }
    return normalizedProcessMemoryRequirements;
}

private int getShares(long normalizedProcessMemoryRequirements ) {
    int shares = (int)normalizedProcessMemoryRequirements/shareQuantum; // get number of shares
    if ( (normalizedProcessMemoryRequirements % shareQuantum) > 0 ) shares++; // ceil
    return shares;
}
{code}
In the above code snippet, "normalizedProcessMemoryRequirements" is a long variable; if it is super large, directly casting "normalizedProcessMemoryRequirements" into an integer will definitely lead to a potential integer overflow.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
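
An added example, not part of the original report or the UIMA code base: the cast placement from the reported snippet next to a variant that stays in long arithmetic and narrows with checked calls. The class name, the local `MemoryUnits` enum, the `SHARE_QUANTUM` value and the sample inputs are assumptions constructed for illustration.

```java
public class NormalizeMemoryDemo {
    // Local stand-in for the project's MemoryUnits enum (assumption).
    enum MemoryUnits { KB, MB, GB, TB }

    // Constructed value; the report does not show how shareQuantum is set.
    static final int SHARE_QUANTUM = 15;

    // Casts placed exactly as in the reported code. (int) binds tighter than
    // / and *, so the long is narrowed to its low 32 bits first and the
    // arithmetic that follows is carried out in int.
    static long normalizeAsReported(long value, MemoryUnits units) {
        switch (units) {
            case KB: return (int) value / (1024 * 1024);
            case MB: return (int) value / 1024;
            case TB: return (int) value * 1024;
            default: return value; // GB: already normalized
        }
    }

    // Checked variant: long arithmetic throughout, exception on overflow.
    static long normalizeChecked(long value, MemoryUnits units) {
        if (value < 0) throw new IllegalArgumentException("negative memory size");
        switch (units) {
            case KB: return value / (1024L * 1024L);
            case MB: return value / 1024L;
            case TB: return Math.multiplyExact(value, 1024L);
            default: return value; // GB: already normalized
        }
    }

    // Ceiling division in long, then a narrowing that throws instead of wrapping.
    static int sharesChecked(long normalizedGb) {
        long shares = normalizedGb / SHARE_QUANTUM;
        if (normalizedGb % SHARE_QUANTUM > 0) shares++;
        return Math.toIntExact(shares);
    }

    public static void main(String[] args) {
        long kb = 1L << 33;   // constructed input: 8 TiB expressed in KB
        long tb = 3_000_000L; // constructed input: fits in int, tb * 1024 does not
        System.out.println("KB reported: " + normalizeAsReported(kb, MemoryUnits.KB));
        System.out.println("KB checked:  " + normalizeChecked(kb, MemoryUnits.KB));
        System.out.println("TB reported: " + normalizeAsReported(tb, MemoryUnits.TB));
        System.out.println("TB checked:  " + normalizeChecked(tb, MemoryUnits.TB));
        System.out.println("shares:      " + sharesChecked(normalizeChecked(tb, MemoryUnits.TB)));
    }
}
```

The TB input shows that the multiplication can wrap even when the cast itself loses nothing, because both operands are already `int` by the time `*` is evaluated.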