[jira] [Commented] (YARN-11964) Resource.castToIntSafely() should clamp negative values to 0 to prevent propagation of invalid resource counts

[Ryu Kobayashi (Jira)]

    [ 
https://issues.apache.org/jira/browse/YARN-11964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18083435#comment-18083435
 ] 

Ryu Kobayashi commented on YARN-11964:
--------------------------------------

I see. I received an error saying there were no tests, so I added some.

> Resource.castToIntSafely() should clamp negative values to 0 to prevent 
> propagation of invalid resource counts
> --------------------------------------------------------------------------------------------------------------
>
>                 Key: YARN-11964
>                 URL: https://issues.apache.org/jira/browse/YARN-11964
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: resourcemanager
>    Affects Versions: 3.4.3
>            Reporter: Ryu Kobayashi
>            Assignee: Ryu Kobayashi
>            Priority: Minor
>              Labels: pull-request-available
>
>   h2. Problem
>   Resource.castToIntSafely() clamps values exceeding Integer.MAX_VALUE to 
> Integer.MAX_VALUE,
>   but silently passes through negative values. The method comment states
>   "This method assumes resource value is positive", however this assumption
>   is not guaranteed in practice.
>   When YARN RM temporarily reports negative available resources
>   (e.g. due to overload, node failures, or transient resource calculation 
> errors),
>   the negative value is propagated as-is to callers.
>   h2. Root Cause
>   The method only guards against positive overflow:
>   {code:java}
>   protected static int castToIntSafely(long value) {
>       if (value > Integer.MAX_VALUE) {
>         return Integer.MAX_VALUE;
>       }
>       return Long.valueOf(value).intValue();
>   }
>   {code}
>   There is no guard for negative values. When a negative long is passed,
>   it is returned as a negative int, which can cause unexpected behavior
>   in downstream components that assume resource values are non-negative.
>   h2. Impact
>   Downstream components that rely on this method receiving a non-negative int
>   may compute invalid results (e.g. negative slot counts, illegal collection 
> sizes)
>   when YARN temporarily reports negative available resources.
>   h2. Fix
>   Return 0 when value < 0, consistent with the existing behavior of
>   clamping out-of-range values to a safe boundary:
>   {code:java}
>   protected static int castToIntSafely(long value) {
>       if (value < 0) {
>         return 0;
>       }
>       if (value > Integer.MAX_VALUE) {
>         return Integer.MAX_VALUE;
>       }
>       return Long.valueOf(value).intValue();
>   }
>   {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org