Hi, thanks for bringing this up. I will address this issue soon.

Jerry

On Fri, Dec 8, 2017 at 2:48 PM, songwanging (JIRA) <[email protected]> wrote:
>
> [ https://issues.apache.org/jira/browse/UIMA-5667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
>
> songwanging updated UIMA-5667:
> ------------------------------
> Description:
> Our tool DeepTect has detected several potential integer overflow bugs:
>
> Path: uima-ducc/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/ProcessManagerComponent.java
>
> {code:java}
> private long normalizeMemory(String processMemoryAssignment, MemoryUnits units) {
>   // Get user defined memory assignment for the JP
>   long normalizedProcessMemoryRequirements =
>       Long.parseLong(processMemoryAssignment);
>   // Normalize memory requirements for JPs into Gigs
>   if ( units.equals(MemoryUnits.KB ) ) {
>     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements/(1024*1024);
>   } else if ( units.equals(MemoryUnits.MB ) ) {
>     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements/1024;
>   } else if ( units.equals(MemoryUnits.GB ) ) {
>     // already normalized
>   } else if ( units.equals(MemoryUnits.TB ) ) {
>     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements*1024;
>   }
>   return normalizedProcessMemoryRequirements;
> }
> private int getShares(long normalizedProcessMemoryRequirements ) {
>   int shares = (int)normalizedProcessMemoryRequirements/shareQuantum; // get number of shares
>   if ( (normalizedProcessMemoryRequirements % shareQuantum) > 0 ) shares++; // ciel
>   return shares;
> }
> {code}
>
> In the above code snippet, "normalizedProcessMemoryRequirements" is a
> long variable, if it is super large, directly casting
> "normalizedProcessMemoryRequirements" into integer (as used in the above
> code snippet) will definitely lead to a potential integer overflow.
>
> was:
> Our tool DeepTect has detected several potential integer overflow bugs:
>
> Path: uima-ducc/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/ProcessManagerComponent.java
>
> {code:java}
> private long normalizeMemory(String processMemoryAssignment, MemoryUnits units) {
>   // Get user defined memory assignment for the JP
>   long normalizedProcessMemoryRequirements =
>       Long.parseLong(processMemoryAssignment);
>   // Normalize memory requirements for JPs into Gigs
>   if ( units.equals(MemoryUnits.KB ) ) {
>     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements/(1024*1024);
>   } else if ( units.equals(MemoryUnits.MB ) ) {
>     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements/1024;
>   } else if ( units.equals(MemoryUnits.GB ) ) {
>     // already normalized
>   } else if ( units.equals(MemoryUnits.TB ) ) {
>     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements*1024;
>   }
>   return normalizedProcessMemoryRequirements;
> }
> private int getShares(long normalizedProcessMemoryRequirements ) {
>   int shares = (int)normalizedProcessMemoryRequirements/shareQuantum; // get number of shares
>   if ( (normalizedProcessMemoryRequirements % shareQuantum) > 0 ) shares++; // ciel
>   return shares;
> }
> {code}
>
> In the above code snippet, "normalizedProcessMemoryRequirements" is a
> long variable, if it is super large, directly casting
> "normalizedProcessMemoryRequirements" into integer will definitely lead to
> a potential integer overflow.
> >
> > Potential Integer Overflow
> > --------------------------
> >
> > Key: UIMA-5667
> > URL: https://issues.apache.org/jira/browse/UIMA-5667
> > Project: UIMA
> > Issue Type: Bug
> > Components: DUCC
> > Affects Versions: 2.10.2SDK
> > Reporter: songwanging
> >
> > Our tool DeepTect has detected several potential integer overflow bugs:
> > Path: uima-ducc/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/ProcessManagerComponent.java
> > {code:java}
> > private long normalizeMemory(String processMemoryAssignment, MemoryUnits units) {
> >   // Get user defined memory assignment for the JP
> >   long normalizedProcessMemoryRequirements =
> >       Long.parseLong(processMemoryAssignment);
> >   // Normalize memory requirements for JPs into Gigs
> >   if ( units.equals(MemoryUnits.KB ) ) {
> >     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements/(1024*1024);
> >   } else if ( units.equals(MemoryUnits.MB ) ) {
> >     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements/1024;
> >   } else if ( units.equals(MemoryUnits.GB ) ) {
> >     // already normalized
> >   } else if ( units.equals(MemoryUnits.TB ) ) {
> >     normalizedProcessMemoryRequirements = (int) normalizedProcessMemoryRequirements*1024;
> >   }
> >   return normalizedProcessMemoryRequirements;
> > }
> > private int getShares(long normalizedProcessMemoryRequirements ) {
> >   int shares = (int)normalizedProcessMemoryRequirements/shareQuantum; // get number of shares
> >   if ( (normalizedProcessMemoryRequirements % shareQuantum) > 0 ) shares++; // ciel
> >   return shares;
> > }
> > {code}
> > In the above code snippet, "normalizedProcessMemoryRequirements" is a
> > long variable, if it is super large, directly casting
> > "normalizedProcessMemoryRequirements" into integer (as used in the above
> > code snippet) will definitely lead to a potential integer overflow.
> >
>
> --
> This message was sent by Atlassian JIRA
> (v6.4.14#64029)
>
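
The narrowing described in the report, shown beside checked alternatives, as an added example that is not DUCC code and not part of the original thread. The class name, the `SHARE_QUANTUM` value, its `int` type and all sample inputs are assumptions made for illustration.

```java
// Added example: class name, SHARE_QUANTUM and all inputs are constructed.
public class MemoryNarrowingDemo {
    static final int SHARE_QUANTUM = 15; // assumed; the thread gives no value

    // Pattern from the report: the cast binds tighter than '/', so the long
    // is cut to its low 32 bits first and only then divided.
    static long kbToGbAsReported(long kb) {
        return (int) kb / (1024 * 1024);
    }

    // Same conversion kept entirely in long arithmetic.
    static long kbToGbChecked(long kb) {
        return kb / (1024L * 1024L);
    }

    // TB branch as reported: narrow, then multiply in int, which wraps silently.
    static long tbToGbAsReported(long tb) {
        return (int) tb * 1024;
    }

    // multiplyExact throws ArithmeticException instead of wrapping.
    static long tbToGbChecked(long tb) {
        return Math.multiplyExact(tb, 1024L);
    }

    // Ceiling division in long, then a checked narrowing to int.
    static int sharesChecked(long gb) {
        long shares = gb / SHARE_QUANTUM + (gb % SHARE_QUANTUM > 0 ? 1 : 0);
        return Math.toIntExact(shares);
    }

    public static void main(String[] args) {
        long kb = 8L * 1024 * 1024 * 1024; // 2^33 KB: low 32 bits are all zero
        System.out.println("KB as reported: " + kbToGbAsReported(kb));
        System.out.println("KB checked:     " + kbToGbChecked(kb));

        long tb = 3_000_000L; // fits in int, but tb * 1024 does not
        System.out.println("TB as reported: " + tbToGbAsReported(tb));
        System.out.println("TB checked:     " + tbToGbChecked(tb));

        try {
            sharesChecked(Long.MAX_VALUE); // share count cannot fit in an int
        } catch (ArithmeticException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`Math.multiplyExact` and `Math.toIntExact` are available from Java 8 onward; whether to reject an out-of-range request or clamp it is a policy choice the thread does not settle.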
