[jira] [Commented] (CASSANDRA-14098) Potential Integer Overflow

Wed, 10 Jul 2019 04:14:43 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-14098?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16881961#comment-16881961
 ] 

Terrence Cooke commented on CASSANDRA-14098:
--------------------------------------------

Yes, the casting of the second argument to Math.min() method  could potential 
cause the wrong min to be returned if a large value produce by the expression: 
(totalRowCountEstimate / keysPerSplit) exceeds the maximum value of type int, 
and thus would be larger than maxSplitCount, meaning that maxSplitCount should 
be returned as the minimum.  However, when casted to int by: 
(int)(totalRowCountEstimate / keysPerSplit), truncating the large value could 
lead to a value less than maxSplitCount, and thus returned as the min when 
maxSplitCount should be returned as the min.

The change made in the attached file (14098-3.0.txt) fixes that scenario by 
instead of casting the argument in Math.min(), it casts the result of the 
Math.min() result. This avoids the wrong min from being returned.


> Potential Integer Overflow
> --------------------------
>
>                 Key: CASSANDRA-14098
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14098
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Legacy/Core
>            Reporter: songwanging
>            Priority: Low
>              Labels: lhf
>         Attachments: 14098-3.0.txt
>
>
> Our tool DeepTect has detected a potential integer overflow: 
> Path: cassandra/src/java/org/apache/cassandra/service/StorageService.java
> {code:java}
> ...
> long totalRowCountEstimate = cfs.estimatedKeysForRange(range);
> ...
>  int splitCount = Math.max(1, Math.min(maxSplitCount, 
> (int)(totalRowCountEstimate / keysPerSplit)));
> {code}
> In the above code snippet, "totalRowCountEstimate" is a long variable, 
> "keysPerSplit" is an integer variable. If "totalRowCountEstimate" is super 
> large, directly casting "(totalRowCountEstimate / keysPerSplit" into integer 
> will definitely lead to a potential integer overflow.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to