Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Broker-J
    • Labels:
      None

      Description

      Our tool DeepTect has detected a potential integer overflow:

      Path: qpid-broker-j/broker-core/src/main/java/org/apache/qpid/server/queue/MessageContentJsonConverter.java

      class MessageContentJsonConverter
      {
      ...
      private long _remaining;
      ...
      private Object copyString(final String source) throws IOException{
      ...
      limit=Math.min((int)_remaining,source.length())
      ..
      }
      ...
      }
      

      In the above code snippet, "_remaining" is a long variable, if it is super large, directly casting "_remaining" into integer will definitely lead to a potential integer overflow.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              songwang songwanging
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: