Uploaded image for project: 'Derby'
  1. Derby
  2. DERBY-3739

Skip and read methods in ArrayInputStream may overflow

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • 10.5.1.1
    • 10.5.1.1
    • Store
    • None

    Description

      If ArrayInputStream.skip() is called with a large value (like Long.MAX_VALUE) an internal calculation may overflow and cause unexpected results.

      It's the line which says

      if ((position + count) > end) {

      that can overflow. If count (a long) is so big that position + count doesn't fit in a long, the condition will evaluate to false although it should have evaluated to true. Changing the condition to (count > end - position) will fix the problem. Alternatively, we could simplify the entire method body to:

      count = Math.min(count, end - position);
      position += count;
      return count;

      Attachments

        1. d3739-read.diff
          1 kB
          Knut Anders Hatlen
        2. d3739-skip.diff
          6 kB
          Knut Anders Hatlen
        3. d3739-skip.stat
          0.2 kB
          Knut Anders Hatlen
        4. ReadOverflow.java
          0.5 kB
          Knut Anders Hatlen

        Activity

          People

            knutanders Knut Anders Hatlen
            knutanders Knut Anders Hatlen
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: