  1. Derby
  2. DERBY-3739

Skip and read methods in ArrayInputStream may overflow


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 10.5.1.1
    • Fix Version/s: 10.5.1.1
    • Component/s: Store
    • Labels:
      None

      Description

      If ArrayInputStream.skip() is called with a large value (like Long.MAX_VALUE), an internal calculation may overflow and cause unexpected results.

      It's the line which says

      if ((position + count) > end) {

      that can overflow. If count (a long) is so big that position + count doesn't fit in a long, the condition will evaluate to false although it should have evaluated to true. Changing the condition to (count > end - position) will fix the problem. Alternatively, we could simplify the entire method body to:

      count = Math.min(count, end - position);
      position += count;
      return count;
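
      The overflow described above, reproduced as an added example (not Derby's code and not part of the original report). The class name, the static `position`/`end` fields, and the body around the quoted condition in `skipOverflowing` are assumptions; only the condition itself and the three-line clamped body come from the report.

```java
public class SkipOverflowDemo {
    // Hypothetical stand-in for the stream's cursor state (assumed: int offsets).
    static int position;
    static final int end = 100;

    // Assumed shape of the method around the condition quoted in the report.
    static long skipOverflowing(long count) {
        // position is widened to long, but the sum still wraps to a negative
        // value when count is close to Long.MAX_VALUE, so the bound check
        // is skipped even though count is far past the end of the buffer.
        if ((position + count) > end) {
            count = end - position;
        }
        // Compound assignment narrows the long result back to int silently.
        position += count;
        return count;
    }

    // The simplified body proposed in the report: clamp first, then advance.
    // end - position cannot overflow while 0 <= position <= end.
    static long skipClamped(long count) {
        count = Math.min(count, end - position);
        position += count;
        return count;
    }

    public static void main(String[] args) {
        position = 10;
        long r1 = skipOverflowing(Long.MAX_VALUE);
        System.out.println("overflowing: returned " + r1 + ", position " + position);

        position = 10;
        long r2 = skipClamped(Long.MAX_VALUE);
        System.out.println("clamped:     returned " + r2 + ", position " + position);
    }
}
```

      With the overflowing check, the caller is told that more bytes were skipped than the buffer holds and `position` no longer matches the amount reported; the clamped version stops at `end` and returns the number of bytes actually skipped.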

        Attachments

        1. ReadOverflow.java
          0.5 kB
          Knut Anders Hatlen
        2. d3739-read.diff
          1 kB
          Knut Anders Hatlen
        3. d3739-skip.stat
          0.2 kB
          Knut Anders Hatlen
        4. d3739-skip.diff
          6 kB
          Knut Anders Hatlen

            People

            • Assignee:
              knutanders Knut Anders Hatlen
              Reporter:
              knutanders Knut Anders Hatlen