[
https://issues.apache.org/jira/browse/UIMA-5667?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jerry Cwiklik closed UIMA-5667.
-------------------------------
Resolution: Fixed
Fix Version/s: 2.2.2-Ducc
Removed casting to int in normalizeMemory()
> Potential Integer Overflow
> --------------------------
>
> Key: UIMA-5667
> URL: https://issues.apache.org/jira/browse/UIMA-5667
> Project: UIMA
> Issue Type: Bug
> Components: DUCC
> Affects Versions: 2.10.2SDK
> Reporter: songwanging
> Fix For: 2.2.2-Ducc
>
>
> Our tool DeepTect has detected several potential integer overflow bugs:
> Path:
> uima-ducc/uima-ducc-pm/src/main/java/org/apache/uima/ducc/pm/ProcessManagerComponent.java
> {code:java}
> private long normalizeMemory(String processMemoryAssignment, MemoryUnits units) {
>     // Get user defined memory assignment for the JP
>     long normalizedProcessMemoryRequirements = Long.parseLong(processMemoryAssignment);
>     // Normalize memory requirements for JPs into Gigs
>     if ( units.equals(MemoryUnits.KB ) ) {
>         normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/(1024*1024);
>     } else if ( units.equals(MemoryUnits.MB ) ) {
>         normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements/1024;
>     } else if ( units.equals(MemoryUnits.GB ) ) {
>         // already normalized
>     } else if ( units.equals(MemoryUnits.TB ) ) {
>         normalizedProcessMemoryRequirements = (int)normalizedProcessMemoryRequirements*1024;
>     }
>     return normalizedProcessMemoryRequirements;
> }
> private int getShares(long normalizedProcessMemoryRequirements ) {
>     int shares = (int)normalizedProcessMemoryRequirements/shareQuantum;
>     // get number of shares
>     if ( (normalizedProcessMemoryRequirements % shareQuantum) > 0 )
>         shares++; // ceil
>     return shares;
> }
> {code}
> In the above code snippet, "normalizedProcessMemoryRequirements" is a long
> variable; if it is super large, directly casting
> "normalizedProcessMemoryRequirements" into an integer (as used in the above code
> snippet) will definitely lead to a potential integer overflow.
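The cast placement reported above, next to a form that stays in long arithmetic, as an added example (not code from the DUCC repository and not the committed fix). The class name, the re-declared `MemoryUnits` enum, the sample values and the share quantum of 15 are assumptions made for illustration.

```java
public class NormalizeMemoryCastDemo {
    enum MemoryUnits { KB, MB, GB, TB }   // re-declared here so the example is self-contained

    // Cast placement as in the reported snippet: (int) binds tighter than / and *,
    // so the long is narrowed to 32 bits before the arithmetic happens.
    static long reported(long value, MemoryUnits units) {
        switch (units) {
            case KB: return (int) value / (1024 * 1024);
            case MB: return (int) value / 1024;
            case TB: return (int) value * 1024;   // int * int, wraps before widening to long
            default: return value;                // GB: already normalized
        }
    }

    // Same conversion kept in long arithmetic; the TB case fails loudly on overflow.
    static long checked(long value, MemoryUnits units) {
        switch (units) {
            case KB: return value / (1024L * 1024L);
            case MB: return value / 1024L;
            case TB: return Math.multiplyExact(value, 1024L);
            default: return value;
        }
    }

    // Ceiling division done in long, narrowed only at the end with a range check.
    static int shares(long normalizedGb, int shareQuantum) {
        long shares = normalizedGb / shareQuantum;
        if (normalizedGb % shareQuantum > 0) shares++;
        return Math.toIntExact(shares);   // throws ArithmeticException if it does not fit in int
    }

    public static void main(String[] args) {
        // Constructed inputs: {value, index into MemoryUnits.values()}
        long[][] samples = { {1L << 32, 0}, {(1L << 32) + 2048, 1}, {1L << 21, 3} };
        MemoryUnits[] u = MemoryUnits.values();
        for (long[] s : samples) {
            MemoryUnits unit = u[(int) s[1]];
            System.out.printf("%d %s -> reported=%d GB, checked=%d GB%n",
                    s[0], unit, reported(s[0], unit), checked(s[0], unit));
        }
        System.out.println("shares(33 GB, quantum 15) = " + shares(33, 15)); // quantum is assumed
    }
}
```

Because the narrowing happens silently, the reported form returns a small or negative memory figure rather than raising an error, which is why range-checked helpers such as `Math.toIntExact` are useful wherever a resource size derived from user input has to be narrowed.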