[ https://issues.apache.org/jira/browse/DERBY-3739?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Knut Anders Hatlen updated DERBY-3739:
--------------------------------------
Attachment: ReadOverflow.java, d3739-read.diff

Here's a fix for read() and readFully(). I didn't add a test case, since it
seems like the overflow only causes wrong results if the sum of the length of
the stream and the length of the buffer we read into exceeds Integer.MAX_VALUE,
*and* the current position is near the end of the stream. Testing it requires a
very big heap, in fact so big that we need a 64-bit JVM. I have tested it
manually with the attached ReadOverflow.java (which throws
ArrayIndexOutOfBoundsException without the fix and successfully reads 32K of
data with the fix). Although the overflow is unlikely to ever cause any
problems, the fix is simple and doesn't add any extra complexity or extra
computation, so I think it would be good to fix it anyway.
> Skip and read methods in ArrayInputStream may overflow
> ------------------------------------------------------
>
> Key: DERBY-3739
> URL: https://issues.apache.org/jira/browse/DERBY-3739
> Project: Derby
> Issue Type: Bug
> Components: Store
> Affects Versions: 10.5.0.0
> Reporter: Knut Anders Hatlen
> Assignee: Knut Anders Hatlen
> Priority: Minor
> Attachments: d3739-read.diff, d3739-skip.diff, d3739-skip.stat,
> ReadOverflow.java
>
>
> If ArrayInputStream.skip() is called with a large value (like Long.MAX_VALUE)
> an internal calculation may overflow and cause unexpected results.
> It's the line which says
>     if ((position + count) > end) {
> that can overflow. If count (a long) is so big that position + count doesn't
> fit in a long, the condition will evaluate to false although it should have
> evaluated to true. Changing the condition to (count > end - position) will
> fix the problem. Alternatively, we could simplify the entire method body to:
>     count = Math.min(count, end - position);
>     position += count;
>     return count;
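
The two bounds checks discussed in this thread, as an added Java example that is not part of the original message, the attached ReadOverflow.java, or Derby's source. It models only the length calculation, so it needs no large heap. The class and method names are hypothetical, and the int version for read() is an assumed analogue of the skip() check quoted in the issue.

```java
// Added illustration, not Derby source. Names are hypothetical; position and
// end model a stream window with 0 <= position <= end.
public class OverflowCheckDemo {

    // Check as quoted in the issue: the sum is computed in long and can wrap.
    static long skipUnsafe(int position, int end, long count) {
        if ((position + count) > end) {
            count = end - position;
        }
        return count; // number of bytes the caller would advance by
    }

    // Rearranged check: end - position cannot overflow for 0 <= position <= end.
    static long skipSafe(int position, int end, long count) {
        return Math.min(count, end - position);
    }

    // Assumed int analogue for read(): position + len wraps in 32-bit arithmetic.
    static int readLenUnsafe(int position, int end, int len) {
        if ((position + len) > end) {
            len = end - position;
        }
        return len; // bytes that would be copied out of the backing array
    }

    static int readLenSafe(int position, int end, int len) {
        return Math.min(len, end - position);
    }

    static void check(boolean ok, String what) {
        if (!ok) throw new AssertionError(what);
    }

    public static void main(String[] args) {
        // Constructed values: 90 bytes remain, caller asks to skip "everything".
        check(skipUnsafe(10, 100, Long.MAX_VALUE) == Long.MAX_VALUE, "skip wraps");
        check(skipSafe(10, 100, Long.MAX_VALUE) == 90, "skip clamped");

        // Constructed values: a window ending near Integer.MAX_VALUE with
        // 100 bytes remaining and a 32K read request.
        int end = Integer.MAX_VALUE - 8;
        int position = end - 100;
        check(readLenUnsafe(position, end, 32 * 1024) == 32 * 1024, "read wraps");
        check(readLenSafe(position, end, 32 * 1024) == 100, "read clamped");
        System.out.println("unsafe checks let the full request through; safe checks clamp");
    }
}
```

In the unsafe variants the wrapped sum is negative, so the clamp is skipped and the unclamped length would be used to advance the position or index the backing array.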