[
https://issues.apache.org/jira/browse/ARTEMIS-4706?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrey Slepykh updated ARTEMIS-4706:
------------------------------------
Description:
Line
[60|https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/scram/ScramUtils.java#L60]
declares a loop based on the "iterationsCount" variable. But the variable is
checked only for the minimum value and is not checked in any way for the
maximum, which can lead to a large computational load for the program
!Screenshot from 2024-03-30 12-16-32.png!
Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
Author: Firsov Vladimir.
was:
Line <a
href=https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/scram/ScramUtils.java#L60
target=_blank>60</a> declares a loop based on the "iterationsCount" variable.
But the variable is checked only for the minimum value and is not checked in
any way for the maximum, which can lead to a large computational load for the
program
!Screenshot from 2024-03-30 12-16-32.png!
Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
Author: Firsov Vladimir.
> TAINTED_INT.LOOP.MIGHT possible loop freeze
> -------------------------------------------
>
> Key: ARTEMIS-4706
> URL: https://issues.apache.org/jira/browse/ARTEMIS-4706
> Project: ActiveMQ Artemis
> Issue Type: Bug
> Components: ActiveMQ-Artemis-Native
> Affects Versions: 2.25.0
> Reporter: Andrey Slepykh
> Assignee: Clebert Suconic
> Priority: Major
> Attachments: Screenshot from 2024-03-30 12-16-32.png
>
>
> Line
> [60|https://github.com/apache/activemq-artemis/blob/fb1b362b473cad51ae5d05a897be02b1fa8461d4/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/scram/ScramUtils.java#L60]
> declares a loop based on the "iterationsCount" variable. But the variable is
> checked only for the minimum value and is not checked in any way for the
> maximum, which can lead to a large computational load for the program
> !Screenshot from 2024-03-30 12-16-32.png!
> Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
> Author: Firsov Vladimir.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
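The missing upper bound described in the report, shown as an added example that is not code from the Artemis project: a SCRAM `Hi()` loop (RFC 5802) whose iteration count is checked against both a minimum and a maximum before any work is done. The class and method names, the two limits, and the sample messages are assumptions made for illustration, as is the scenario that the count arrives in a SCRAM server-first message.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;

public class BoundedScramHi {
    // Assumed policy limits for this example, not values taken from Artemis.
    static final int MIN_ITERATIONS = 4096;
    static final int MAX_ITERATIONS = 100_000;

    /** Reads the "i=" attribute of a server-first message and enforces both bounds. */
    static int parseIterations(String serverFirst) {
        for (String attr : serverFirst.split(",")) {
            if (!attr.startsWith("i=")) continue;
            int n;
            try {
                n = Integer.parseInt(attr.substring(2));
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("iteration count is not an int", e);
            }
            if (n < MIN_ITERATIONS || n > MAX_ITERATIONS) {
                throw new IllegalArgumentException("iteration count out of range: " + n);
            }
            return n;
        }
        throw new IllegalArgumentException("missing iteration count");
    }

    /** Hi() from RFC 5802: one PBKDF2 block; cost grows linearly with iterations. */
    static byte[] hi(byte[] password, byte[] salt, int iterations)
            throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(password, "HmacSHA256"));
        mac.update(salt);
        byte[] u = mac.doFinal(new byte[] {0, 0, 0, 1}); // U1 = HMAC(pw, salt || INT(1))
        byte[] result = u.clone();
        for (int i = 1; i < iterations; i++) {           // the loop the report refers to
            u = mac.doFinal(u);
            for (int j = 0; j < result.length; j++) result[j] ^= u[j];
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages: one in range, one with an oversized count.
        String ok = "r=abcDEF123,s=QSXCR+Q6sek8bf92,i=4096";
        String huge = "r=abcDEF123,s=QSXCR+Q6sek8bf92,i=2147483647";
        byte[] salt = Base64.getDecoder().decode("QSXCR+Q6sek8bf92");
        byte[] pw = "pencil".getBytes(StandardCharsets.UTF_8);
        System.out.println(hi(pw, salt, parseIterations(ok)).length + " byte key derived");
        try { parseIterations(huge); } catch (IllegalArgumentException e) {
            System.out.println("rejected before hashing: " + e.getMessage());
        }
    }
}
```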