This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new 6d2ca0cba3 Fix a potential integer overflow...
6d2ca0cba3 is described below

commit 6d2ca0cba348dd3eccf00feffa3a7bc7baf5220c
Author: Mark Thomas <[email protected]>
AuthorDate: Thu Apr 30 15:46:03 2026 +0100

    Fix a potential integer overflow...
    
    ...when allocating capacity from a connection level window update to
    individual HTTP/2 streams.
    Based on #996 by Mike Tingey Jr.
---
 java/org/apache/coyote/http2/Http2UpgradeHandler.java | 3 ++-
 webapps/docs/changelog.xml                            | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/coyote/http2/Http2UpgradeHandler.java 
b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
index 101bf0c4ac..475400c5fb 100644
--- a/java/org/apache/coyote/http2/Http2UpgradeHandler.java
+++ b/java/org/apache/coyote/http2/Http2UpgradeHandler.java
@@ -1169,7 +1169,8 @@ class Http2UpgradeHandler extends AbstractStream 
implements InternalHttpUpgradeH
                             break;
                         }
 
-                        int share = (int) 
(s.getConnectionAllocationRequested() * remaining /
+                        // Cast to long during the intermediate calculation to 
avoid integer overflow in multiplication
+                        int share = (int) ((long) 
s.getConnectionAllocationRequested() * remaining /
                                 requestedAllocationForIncrementalStreams);
                         if (share == 0) {
                             share = 1;
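
Review bot: The (int) narrowing on the new "int share = (int) ((long) ..." line is still unchecked, so the fix depends on an invariant that is not visible in this hunk: the quotient fits in an int only if requestedAllocationForIncrementalStreams is at least s.getConnectionAllocationRequested(), so that share can never exceed remaining. Either state that invariant in the new comment, or compute the quotient as a long and narrow it with Math.toIntExact(...) so a violation fails loudly instead of wrapping silently. It is also worth confirming how requestedAllocationForIncrementalStreams is accumulated: if it is an int sum of per-stream requests, it can overflow in the same way the multiplication did, and the widening here would not help. The diffstat lists only Http2UpgradeHandler.java and changelog.xml, so no regression test accompanies the change. A test using values for the requested allocation and remaining whose product exceeds Integer.MAX_VALUE would pin the behaviour.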
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 106eaf65fc..abf33f1267 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -209,6 +209,11 @@
         Correct the  validation of pseudo headers and CONNECT requests to align
         Tomcat's behaviour with RFC 9113, section 8.5. (markt)
       </fix>
+      <fix>
+        Fix a potential integer overflow when allocating capacity from a
+        connection level window update to individual HTTP/2 streams. Based on
+        <pr>996</pr> by Mike Tingey Jr. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">
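
Review bot: The new <fix> entry says only "potential integer overflow" and gives neither the observable consequence nor where the calculation lives, which makes it hard for someone reading the changelog to judge whether the fix matters to them. Consider adding a short clause describing what an overflowed share led to. Separately, the unchanged context line above the addition contains a double space in "Correct the  validation", which could be tidied while this file is being touched.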

