[
https://issues.apache.org/jira/browse/IMAGING-326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gary D. Gregory updated IMAGING-326:
------------------------------------
Fix Version/s: 1.0.0-alpha6
(was: 1.0.0-alpha5)
> Use JDK's multiplyExact to avoid integer overflows
> --------------------------------------------------
>
> Key: IMAGING-326
> URL: https://issues.apache.org/jira/browse/IMAGING-326
> Project: Commons Imaging
> Issue Type: Improvement
> Components: imaging.*
> Affects Versions: 1.0-alpha2
> Reporter: Bruno P. Kinoshita
> Assignee: Bruno P. Kinoshita
> Priority: Blocker
> Fix For: 1.0.0-alpha6
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> See PR
> [https://github.com/apache/commons-imaging/pull/196#discussion_r790148843]
> for context.
> Integer overflow is a common source of problems in Imaging. The work on this
> issue is to address when that could happen and prevent it from doing so.
> Java 8 includes methods like
> [multiplyExact|https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Math.html#multiplyExact(int,int)]
> which are convenient for us.
> NOTE: we should start fixing it by the integer overflow in the PR linked
> above. Then go over the rest of the code, applying it to other places where
> integers are multiplied/added/etc, and where the values could result in OOM or
> other annoying security issues (i.e. we don't need to blindly replace every +
> operation by addExactly).
> -Bruno
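
The following is an added example, not code from the issue, the linked PR, or Commons Imaging. It shows how a buffer size computed from untrusted image header fields wraps silently with plain `*`, and how `Math.multiplyExact` turns the same input into a rejected file. The class name, method names, size cap and header values are all hypothetical.

```java
// Added illustration; not Commons Imaging code. All names and values are hypothetical.
public class ExactSizeDemo {

    // Hypothetical cap on a single pixel buffer; pick one that suits the application.
    static final int MAX_BUFFER_BYTES = 256 * 1024 * 1024;

    // Unchecked: the product is computed in 32-bit arithmetic and wraps silently,
    // so a huge declared image can yield a small, zero or negative size.
    static int uncheckedSize(int width, int height, int bytesPerPixel) {
        return width * height * bytesPerPixel;
    }

    // Checked: rejects non-positive fields, int overflow and oversized results
    // before any allocation or index arithmetic uses the value.
    static int checkedSize(int width, int height, int bytesPerPixel) {
        if (width <= 0 || height <= 0 || bytesPerPixel <= 0) {
            throw new IllegalArgumentException("Non-positive image dimension");
        }
        int size;
        try {
            size = Math.multiplyExact(Math.multiplyExact(width, height), bytesPerPixel);
        } catch (ArithmeticException e) {
            throw new IllegalArgumentException("Image size overflows int", e);
        }
        if (size > MAX_BUFFER_BYTES) {
            throw new IllegalArgumentException("Image size exceeds cap: " + size);
        }
        return size;
    }

    public static void main(String[] args) {
        // Constructed {width, height, bytesPerPixel} triples, as a file header might declare them.
        int[][] headers = {
            {640, 480, 4},      // ordinary image
            {65536, 65536, 4},  // 2^16 * 2^16 = 2^32 does not fit in an int
            {46341, 46341, 1},  // smallest square whose area exceeds Integer.MAX_VALUE
            {32768, 32768, 3},  // width * height fits, the third factor overflows
        };
        for (int[] h : headers) {
            System.out.println(h[0] + "x" + h[1] + "x" + h[2]
                    + " unchecked=" + uncheckedSize(h[0], h[1], h[2]));
            try {
                System.out.println("  checked=" + checkedSize(h[0], h[1], h[2]));
            } catch (IllegalArgumentException e) {
                System.out.println("  rejected: " + e.getMessage());
            }
        }
    }
}
```

The explicit cap is separate from the overflow check: a product can fit in an `int` and still be large enough to exhaust the heap, which is the OOM case the description mentions.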