You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Jeremy Hanna (JIRA)" <ji...@apache.org> on 2019/06/13 18:33:03 UTC
[jira] [Updated] (CASSANDRA-14098) Potential Integer Overflow
[ https://issues.apache.org/jira/browse/CASSANDRA-14098?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeremy Hanna updated CASSANDRA-14098:
-------------------------------------
Complexity: Low Hanging Fruit
> Potential Integer Overflow
> --------------------------
>
> Key: CASSANDRA-14098
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14098
> Project: Cassandra
> Issue Type: Bug
> Components: Legacy/Core
> Reporter: songwanging
> Priority: Low
> Labels: lhf
> Attachments: 14098-3.0.txt
>
>
> Our tool DeepTect has detected a potential integer overflow:
> Path: cassandra/src/java/org/apache/cassandra/service/StorageService.java
> {code:java}
> ...
> long totalRowCountEstimate = cfs.estimatedKeysForRange(range);
> ...
> int splitCount = Math.max(1, Math.min(maxSplitCount, (int)(totalRowCountEstimate / keysPerSplit)));
> {code}
> In the above code snippet, "totalRowCountEstimate" is a long variable, "keysPerSplit" is an integer variable. If "totalRowCountEstimate" is super large, directly casting "(totalRowCountEstimate / keysPerSplit" into integer will definitely lead to a potential integer overflow.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org