[OAK-3911] Integer overflow causing incorrect file handling in OakDirectory for file size more than 2 GB - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.0.27, 1.2.11, 1.3.15, 1.4
Component/s: lucene
Labels:
None

Epic Link:
indexer resilience 1.6

Description

In couple of cases we have seen strange error related to invalid seek. In such cases it was seen that file sizes are greater than 2GB. A close inspection of OakDirectory [1] shows that following calls in loadBlob and flushBlob are prone to integer overflow (Thanks tmueller)

int n = (int) Math.min(blobSize, length - index * blobSize);
int n = (int) Math.min(blobSize, length - i * blobSize);

Above both blobSize and index and i are int. And multiplication of 2 int would be int that can cause overflow.

Caused by: java.io.IOException: Invalid seek request
	at org.apache.jackrabbit.oak.plugins.index.lucene.OakDirectory$OakIndexFile.seek(OakDirectory.java:288)
	at org.apache.jackrabbit.oak.plugins.index.lucene.OakDirectory$OakIndexInput.seek(OakDirectory.java:418)
	at org.apache.lucene.codecs.BlockTreeTermsReader.seekDir(BlockTreeTermsReader.java:223)
	at org.apache.lucene.codecs.BlockTreeTermsReader.<init>(BlockTreeTermsReader.java:142)

[1] https://github.com/apache/jackrabbit-oak/blob/trunk/oak-lucene/src/main/java/org/apache/jackrabbit/oak/plugins/index/lucene/OakDirectory.java#L361

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OAK-3911-v1.patch
22/Jan/16 12:26
1 kB
Chetan Mehrotra

Issue Links

relates to

OAK-2388 Possibility of overflow in file length calculation

Closed

Activity

People

Assignee:: Chetan Mehrotra

Reporter:: Chetan Mehrotra

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22/Jan/16 12:10

Updated:: 08/Oct/19 15:22

Resolved:: 25/Jan/16 05:37