Posted to log4j-dev@logging.apache.org by "Gary Gregory (JIRA)" <ji...@apache.org> on 2015/03/21 18:03:40 UTC

[jira] [Resolved] (LOG4J2-980) Numerical overflow in BurstFilter not handled correctly

     [ https://issues.apache.org/jira/browse/LOG4J2-980?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary Gregory resolved LOG4J2-980.
---------------------------------
       Resolution: Fixed
    Fix Version/s: 2.3

Mikhail,
Thank you for the report. I've applied a patch inspired by the patch you provided. You may wish to study it. In particular, it keeps the {{LogDelay}} class private and reuses the {{Long.compare(long, long)}} method.

Please review and close.

Thank you again and keep the patches coming.

Gary

> Numerical overflow in BurstFilter not handled correctly
> -------------------------------------------------------
>
>                 Key: LOG4J2-980
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-980
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Filters
>    Affects Versions: 2.2
>            Reporter: Mikhail Mazurskiy
>            Priority: Trivial
>             Fix For: 2.3
>
>         Attachments: LOG4J2-980.patch
>
>
> {{org.apache.logging.log4j.core.filter.BurstFilter.LogDelay#compareTo}} is implemented with a mistake: it does not account for numerical overflow (negative values). I.e. [System.nanoTime() JavaDocs|http://docs.oracle.com/javase/8/docs/api/java/lang/System.html#nanoTime--] say:
> {quote}
> To compare two nanoTime values
>  long t0 = System.nanoTime();
>  ...
>  long t1 = System.nanoTime();
> one should use t1 - t0 < 0, not t1 < t0, because of the possibility of numerical overflow.
> {quote}
> but the mentioned method compares values directly.
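
The comparison rule quoted from the Javadoc above, shown as an added example that is neither Log4j code nor the patch that was applied. The class name, the two comparators and the deadline values are constructed for illustration; "now" is placed just below Long.MAX_VALUE so that later deadlines wrap to negative values.

```java
import java.util.Arrays;
import java.util.Comparator;
import java.util.concurrent.TimeUnit;

// Hypothetical demo class, not part of Log4j.
public class NanoTimeCompareDemo {

    // Direct comparison of the raw values: misorders deadlines once one of
    // them has wrapped past Long.MAX_VALUE.
    static final Comparator<Long> DIRECT = (a, b) -> a < b ? -1 : (a > b ? 1 : 0);

    // Javadoc idiom: compare the difference with zero. Valid while the two
    // instants are less than 2^63 ns (about 292 years) apart.
    static final Comparator<Long> BY_DIFFERENCE = (a, b) -> Long.compare(a - b, 0L);

    // Render each deadline as its distance from "now" in milliseconds.
    static String offsetsMs(Long[] deadlines, long now) {
        StringBuilder sb = new StringBuilder();
        for (long d : deadlines) {
            sb.append(TimeUnit.NANOSECONDS.toMillis(d - now)).append("ms ");
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed clock reading 10 ms before the counter wraps.
        long now = Long.MAX_VALUE - TimeUnit.MILLISECONDS.toNanos(10);
        Long[] deadlines = {
            now + TimeUnit.MILLISECONDS.toNanos(100), // wraps to a negative value
            now + TimeUnit.MILLISECONDS.toNanos(5),   // still positive
            now + TimeUnit.MILLISECONDS.toNanos(50),  // wraps to a negative value
        };

        Long[] direct = deadlines.clone();
        Arrays.sort(direct, DIRECT);
        Long[] safe = deadlines.clone();
        Arrays.sort(safe, BY_DIFFERENCE);

        // The direct ordering puts the wrapped (later) deadlines first; the
        // difference-based ordering keeps them in true chronological order.
        System.out.println("direct comparison:     " + offsetsMs(direct, now));
        System.out.println("difference comparison: " + offsetsMs(safe, now));
    }
}
```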


