  1. Lucene - Core
  2. LUCENE-8720

Integer overflow bug in NameIntCacheLRU.makeRoomLRU()

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.7.1
    • Fix Version/s: 7.7.2, 8.1, master (9.0)
    • Component/s: core/search
    • Labels:
    • Environment:

      Mac OS X 10.11.6 but this bug is not affected by the environment because it is a straightforward integer overflow bug.

    • Lucene Fields:
      New
    • Review Patch?:
      Yes

      Description

      The NameIntCacheLRU.makeRoomLRU() method has an integer overflow bug because if maxCacheSize >= Integer.MAX_VALUE/2, 2*maxCacheSize will overflow to -(2^30) and the value of n will overflow to a negative integer as well, which will prevent any clearing of the cache whatsoever. Hence, performance will degrade once the cache becomes full because it will be impossible to remove any entries in order to add new entries to the cache.

      Moreover, comments in NameIntCacheLRU.java and LruTaxonomyWriterCache.java indicate that 2/3 of the cache will be cleared, whereas in fact only 1/3 of the cache is cleared. So as not to change the behavior of the NameIntCacheLRU.makeRoomLRU() method, I have not changed the code to clear 2/3 of the cache but instead I have changed the comments to indicate that 1/3 of the cache is cleared.

        Attachments

        1. LUCENE-NNNN.patch
          2 kB
          Russell A Brown
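The overflow described above can be reproduced in isolation. The following is an added example, not code from the Lucene source or the attached patch: the class and method names are hypothetical, and the formula `size - (2 * maxCacheSize) / 3` is an assumed model of the calculation of `n`. It compares the 32-bit result with a long-widened and a checked variant.

```java
// Added example: models the arithmetic only; this is not Lucene's source code.
public class EvictionCountOverflow {

    // Assumed shape of the affected calculation: keep two thirds of
    // maxCacheSize and evict the rest. 2 * maxCacheSize is 32-bit int math
    // and wraps once maxCacheSize exceeds Integer.MAX_VALUE / 2.
    static int evictCountInt(int size, int maxCacheSize) {
        int keep = (2 * maxCacheSize) / 3;
        return size - keep;
    }

    // Widening to long before multiplying keeps the product exact. The
    // quotient never exceeds two thirds of Integer.MAX_VALUE, so the cast
    // back to int cannot truncate.
    static int evictCountWidened(int size, int maxCacheSize) {
        int keep = (int) ((2L * maxCacheSize) / 3);
        return size - keep;
    }

    // Fail-fast alternative: Math.multiplyExact throws ArithmeticException
    // instead of silently wrapping.
    static int evictCountChecked(int size, int maxCacheSize) {
        return size - Math.multiplyExact(2, maxCacheSize) / 3;
    }

    public static void main(String[] args) {
        // Constructed limits: one ordinary size and two past the wrap point.
        int[] limits = {3_000, 1 << 30, Integer.MAX_VALUE};
        for (int max : limits) {
            int size = max; // constructed input: cache exactly at its limit
            String checked;
            try {
                checked = String.valueOf(evictCountChecked(size, max));
            } catch (ArithmeticException e) {
                checked = "ArithmeticException";
            }
            System.out.printf("max=%d 2*max(int)=%d int=%d widened=%d checked=%s%n",
                    max, 2 * max, evictCountInt(size, max),
                    evictCountWidened(size, max), checked);
        }
    }
}
```

For the ordinary limit all three variants agree; past the wrap point the int variant no longer yields one third of the cache, while the widened variant still does and the checked variant refuses to compute.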

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              kirigirisu Russell A Brown
            • Votes:
              0
              Watchers:
              6