[ https://issues.apache.org/jira/browse/OAK-7228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
angela updated OAK-7228:
------------------------
    Description:
[~stillalex], just came across {{MountPermissionProvider.getNumEntries}}, which looks as follows:
{code}
@Override
public long getNumEntries(String principalName, long max) {
    long num = 0;
    for (PermissionStoreImpl store : stores) {
        num += store.getNumEntries(principalName, max);
        if (num >= max) {
            break;
        }
    }
    return num;
}
{code}
If I am not mistaken this may lead to long overflow similar to the one we spotted in {{PermissionEntryProviderImpl.init}}.
Proposed (but untested) fix could look as follows:
{code}
@Override
public long getNumEntries(String principalName, long max) {
    long num = 0;
    for (PermissionStoreImpl store : stores) {
        // Use safeAdd in place of += so the running total cannot wrap around
        num = LongUtils.safeAdd(num, store.getNumEntries(principalName, max));
        if (num >= max) {
            break;
        }
    }
    return num;
}
{code}
wdyt?

> Potential long overflow in MountPermissionProvider.getNumEntries
> -----------------------------------------------------------------
>
>                 Key: OAK-7228
>                 URL: https://issues.apache.org/jira/browse/OAK-7228
>             Project: Jackrabbit Oak
>          Issue Type: Bug
>          Components: core, security
>            Reporter: angela
>            Priority: Major

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
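The overflow described in the ticket, reproduced as an added example that is not part of the original message or of Oak's code base. The `Store` interface, the `saturatingAdd` helper and the sample counts are constructed for illustration; it assumes a store can report a count as large as `Long.MAX_VALUE`, and the helper clamps at `Long.MAX_VALUE` as a stand-in for the `LongUtils.safeAdd` call proposed above.

```java
import java.util.List;
import java.util.function.LongBinaryOperator;

public class NumEntriesOverflowDemo {

    // Hypothetical stand-in for a per-mount permission store (not Oak's PermissionStoreImpl).
    interface Store {
        long getNumEntries(String principalName, long max);
    }

    // Saturating addition for non-negative counts: clamps to Long.MAX_VALUE
    // instead of wrapping around to a negative value.
    static long saturatingAdd(long a, long b) {
        try {
            return Math.addExact(a, b);
        } catch (ArithmeticException e) {
            return Long.MAX_VALUE;
        }
    }

    // Same loop shape as getNumEntries in the ticket, with the addition strategy injected.
    static long sum(List<Store> stores, String principal, long max, LongBinaryOperator add) {
        long num = 0;
        for (Store store : stores) {
            num = add.applyAsLong(num, store.getNumEntries(principal, max));
            if (num >= max) {
                break;
            }
        }
        return num;
    }

    public static void main(String[] args) {
        // Constructed sample data: a small count, then a store reporting Long.MAX_VALUE.
        List<Store> stores = List.of((p, m) -> 10L, (p, m) -> Long.MAX_VALUE, (p, m) -> 5L);
        long max = Long.MAX_VALUE;

        // Plain addition wraps negative, so "num >= max" never fires and the loop keeps going.
        long wrapped = sum(stores, "alice", max, (a, b) -> a + b);
        // Saturating addition pins the total at Long.MAX_VALUE and the loop breaks as intended.
        long clamped = sum(stores, "alice", max, NumEntriesOverflowDemo::saturatingAdd);

        System.out.println("plain +=       : " + wrapped);
        System.out.println("saturating add : " + clamped);
    }
}
```

With the plain addition the returned count is negative, so any caller that compares it against a threshold to choose how permission entries are loaded would take the branch meant for small entry sets.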