  1. Cassandra
  2. CASSANDRA-14098

Potential Integer Overflow

    Details

    • Type: Bug
    • Status: Awaiting Feedback
    • Priority: Low
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Legacy/Core
    • Labels:
    • Severity:
      Low
    • Complexity:
      Low Hanging Fruit

      Description

      Our tool DeepTect has detected a potential integer overflow:

      Path: cassandra/src/java/org/apache/cassandra/service/StorageService.java

      ...
      long totalRowCountEstimate = cfs.estimatedKeysForRange(range);
      ...
      int splitCount = Math.max(1, Math.min(maxSplitCount, (int)(totalRowCountEstimate / keysPerSplit)));

      In the above code snippet, "totalRowCountEstimate" is a long variable and "keysPerSplit" is an integer variable. If "totalRowCountEstimate" is super large, directly casting "(totalRowCountEstimate / keysPerSplit)" to an integer will definitely lead to a potential integer overflow.
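
The narrowing cast flagged in the report, shown next to a form that clamps before casting. This is an added example, not part of the report, the attached patch, or Cassandra's code; the class name, method names and sample values are constructed, and keysPerSplit is assumed to be positive.

```java
// Added illustration: names and values are constructed, not taken from Cassandra.
public class SplitCountOverflow {

    // Same expression as the snippet in the report: the quotient is narrowed
    // to int before it is clamped, so only its low 32 bits survive the cast.
    static int splitCountAsReported(long totalRowCountEstimate, int keysPerSplit, int maxSplitCount) {
        return Math.max(1, Math.min(maxSplitCount, (int) (totalRowCountEstimate / keysPerSplit)));
    }

    // Clamp while the value is still a long. The cast then only ever sees a
    // value between 1 and maxSplitCount, which always fits in an int.
    static int splitCountClamped(long totalRowCountEstimate, int keysPerSplit, int maxSplitCount) {
        long quotient = totalRowCountEstimate / keysPerSplit;
        return (int) Math.max(1L, Math.min((long) maxSplitCount, quotient));
    }

    public static void main(String[] args) {
        int keysPerSplit = 1;     // constructed sample value (assumed > 0)
        int maxSplitCount = 1024; // constructed sample value
        long[] estimates = {
            500L,            // quotient fits in an int, both forms agree
            1L << 31,        // low 32 bits read back as Integer.MIN_VALUE
            (1L << 32) + 5,  // low 32 bits are 5, the high bits are dropped
            Long.MAX_VALUE   // low 32 bits are all ones, i.e. -1 as an int
        };
        for (long estimate : estimates) {
            System.out.printf("estimate=%d reported=%d clamped=%d%n",
                    estimate,
                    splitCountAsReported(estimate, keysPerSplit, maxSplitCount),
                    splitCountClamped(estimate, keysPerSplit, maxSplitCount));
        }
    }
}
```

With the reported expression, a wrapped quotient that is negative falls through Math.min and is raised to 1 by Math.max, and one that wraps to a small positive number is used as is, so a very large estimate yields fewer splits than maxSplitCount instead of an exception.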

        Attachments

        1. 14098-3.0.txt
          1 kB
          Vasily Vasilkov

            People

            • Assignee:
              Unassigned
              Reporter:
              songwang songwanging
            • Votes:
              0
              Watchers:
              7