Calls to ArrayInputStream.skip() may overflow and have unexpected results
-------------------------------------------------------------------------
Key: DERBY-3739
URL: https://issues.apache.org/jira/browse/DERBY-3739
Project: Derby
Issue Type: Bug
Components: Store
Affects Versions: 10.5.0.0
Reporter: Knut Anders Hatlen
Assignee: Knut Anders Hatlen
Priority: Minor
If ArrayInputStream.skip() is called with a large value (like Long.MAX_VALUE)
an internal calculation may overflow and cause unexpected results.
It's the line which says
if ((position + count) > end) {
that can overflow. If count (a long) is so big that position + count doesn't
fit in a long, the condition will evaluate to false although it should have
evaluated to true. Changing the condition to (count > end - position) will fix
the problem. Alternatively, we could simplify the entire method body to:
count = Math.min(count, end - position);
position += count;
return count;
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
