You are viewing a plain text version of this content. The canonical link for it is here.

Posted to oak-issues@jackrabbit.apache.org by "Chetan Mehrotra (JIRA)" <ji...@apache.org> on 2015/01/10 20:01:34 UTC

[jira] [Created] (OAK-2388) Possibility of overflow in file length calculation

Chetan Mehrotra created OAK-2388:
------------------------------------

             Summary: Possibility of overflow in file length calculation
                 Key: OAK-2388
                 URL: https://issues.apache.org/jira/browse/OAK-2388
             Project: Jackrabbit Oak
          Issue Type: Bug
          Components: oak-lucene
            Reporter: Chetan Mehrotra
            Assignee: Chetan Mehrotra
             Fix For: 1.0.10, 1.1.5


In OakDirectory the length of a file is calculated in following way

{code:title=OakDirectory|linenumbers=true}
        public OakIndexFile(String name, NodeBuilder file) {
            ...
            this.blobSize = determineBlobSize(file);
            this.blob = new byte[blobSize];

            PropertyState property = file.getProperty(JCR_DATA);
            if (property != null && property.getType() == BINARIES) {
                this.data = newArrayList(property.getValue(BINARIES));
            } else {
                this.data = newArrayList();
            }

            this.length = data.size() * blobSize;
            if (!data.isEmpty()) {
                Blob last = data.get(data.size() - 1);
                this.length -= blobSize - last.length();
            }
{code}

In above calculation its possible to have an overflow in

bq. this.length = data.size() * blobSize;

As multiplication of two integers result in an integer [1]

[1] http://stackoverflow.com/questions/12861893/casting-result-of-multiplication-two-positive-integers-to-long-is-negative-value



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)