Posted to dev@uima.apache.org by "Jerry Cwiklik (JIRA)" <de...@uima.apache.org> on 2017/12/11 14:35:01 UTC

[jira] [Closed] (UIMA-5667) Potential Integer Overflow

     [ https://issues.apache.org/jira/browse/UIMA-5667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jerry Cwiklik closed UIMA-5667.
-------------------------------
       Resolution: Fixed
    Fix Version/s: 2.2.2-Ducc

Removed casting to int in normalizeMemory()

> Potential Integer Overflow
> --------------------------
>
>                 Key: UIMA-5667
>                 URL: https://issues.apache.org/jira/browse/UIMA-5667
>             Project: UIMA
>          Issue Type: Bug
>          Components: DUCC
>    Affects Versions: 2.10.2SDK
>            Reporter: songwanging
>             Fix For: 2.2.2-Ducc
>
>
> Our tool DeepTect has detected several potential integer overflow bugs:
> Path: uima-ducc/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/ProcessManagerComponent.java
> {code:java}
> private long normalizeMemory(String processMemoryAssignment, MemoryUnits units) {
> 		 //  Get user defined memory assignment for the JP
> 	    long normalizedProcessMemoryRequirements =
> 	            Long.parseLong(processMemoryAssignment);
> 	    // Normalize memory requirements for JPs into Gigs 
> 	    if ( units.equals(MemoryUnits.KB ) ) {
> 	      normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/(1024*1024);
> 	    } else if ( units.equals(MemoryUnits.MB ) ) {
> 	      normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/1024;
> 	    } else if ( units.equals(MemoryUnits.GB ) ) {
> 	      //  already normalized
> 	    } else if ( units.equals(MemoryUnits.TB ) ) {
> 	      normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements*1024;
> 	    }
> 	    return normalizedProcessMemoryRequirements;
> 	}
> 	private int getShares(long normalizedProcessMemoryRequirements ) {
> 	    int shares = (int)normalizedProcessMemoryRequirements/shareQuantum;  // get number of shares
> 	    if ( (normalizedProcessMemoryRequirements % shareQuantum) > 0 ) shares++; // ciel
> 	    return shares;
> 	}
> {code}
> In the above code snippet, "normalizedProcessMemoryRequirements" is a long variable; if it is super large, directly casting "normalizedProcessMemoryRequirements" to an integer (as in the above code snippet) will definitely lead to a potential integer overflow.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
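
The cast expressions quoted in the report, reproduced side by side with a long-only form, as an added example that is not DUCC code and not the committed fix. The class name, method names, the int type of shareQuantum and the input values are assumptions made for illustration.

```java
// Added illustration; every name here is hypothetical, not taken from DUCC.
public class NarrowingCastDemo {

    // Same expression shape as the reported KB branch: the cast binds tighter
    // than '/', so the long is narrowed to int before the division happens.
    static long kbToGbReported(long kb) {
        return (int) kb / (1024 * 1024);
    }

    // Same shape as the reported TB branch: int * int wraps before the result
    // is widened back to long on return.
    static long tbToGbReported(long tb) {
        return (int) tb * 1024;
    }

    // Arithmetic kept in long, so no high-order bits are discarded.
    static long kbToGbChecked(long kb) {
        return kb / (1024L * 1024L);
    }

    // multiplyExact throws ArithmeticException instead of wrapping silently.
    static long tbToGbChecked(long tb) {
        return Math.multiplyExact(tb, 1024L);
    }

    // Ceiling division done in long, followed by a checked narrowing to int.
    // shareQuantum is assumed to be a positive int.
    static int sharesChecked(long gb, int shareQuantum) {
        if (gb < 0 || shareQuantum <= 0) {
            throw new IllegalArgumentException("memory and quantum must be positive");
        }
        long shares = gb / shareQuantum + (gb % shareQuantum > 0 ? 1 : 0);
        return Math.toIntExact(shares);
    }

    public static void main(String[] args) {
        long kb = 8_589_934_592L; // constructed input: 2^33 KB, i.e. 8192 GB
        long tb = 2_097_152L;     // constructed input: 2^21 TB, i.e. 2^31 GB

        System.out.println("KB reported: " + kbToGbReported(kb));
        System.out.println("KB checked:  " + kbToGbChecked(kb));
        System.out.println("TB reported: " + tbToGbReported(tb));
        System.out.println("TB checked:  " + tbToGbChecked(tb));
        System.out.println("shares for 8192 GB, quantum 15: " + sharesChecked(8192L, 15));
    }
}
```

The two constructed inputs show both failure shapes: a value whose low 32 bits are all zero is truncated by the cast itself, and a value that fits in an int still wraps when it is multiplied as an int.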