You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Chetan Mehrotra (JIRA)" <ji...@apache.org> on 2015/01/10 20:01:34 UTC
[jira] [Created] (OAK-2388) Possibility of overflow in file length
calculation
Chetan Mehrotra created OAK-2388:
------------------------------------
Summary: Possibility of overflow in file length calculation
Key: OAK-2388
URL: https://issues.apache.org/jira/browse/OAK-2388
Project: Jackrabbit Oak
Issue Type: Bug
Components: oak-lucene
Reporter: Chetan Mehrotra
Assignee: Chetan Mehrotra
Fix For: 1.0.10, 1.1.5
In OakDirectory the length of a file is calculated in following way
{code:title=OakDirectory|linenumbers=true}
public OakIndexFile(String name, NodeBuilder file) {
...
this.blobSize = determineBlobSize(file);
this.blob = new byte[blobSize];
PropertyState property = file.getProperty(JCR_DATA);
if (property != null && property.getType() == BINARIES) {
this.data = newArrayList(property.getValue(BINARIES));
} else {
this.data = newArrayList();
}
this.length = data.size() * blobSize;
if (!data.isEmpty()) {
Blob last = data.get(data.size() - 1);
this.length -= blobSize - last.length();
}
{code}
In above calculation its possible to have an overflow in
bq. this.length = data.size() * blobSize;
As multiplication of two integers result in an integer [1]
[1] http://stackoverflow.com/questions/12861893/casting-result-of-multiplication-two-positive-integers-to-long-is-negative-value
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)