Author: kkolinko
Date: Fri May 21 00:53:27 2010
New Revision: 946840

URL: http://svn.apache.org/viewvc?rev=946840&view=rev
Log:
Fix possible overflows when calculating session statistics.
It fixes a) miscalculating the "average" because of multiplication overflow, and b) possible ArithmeticException division by zero when numExpired overflows.
The fix for trunk was provided by r934337.
Modified: tomcat/tc5.5.x/trunk/STATUS.txt tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=946840&r1=946839&r2=946840&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Fri May 21 00:53:27 2010 @@ -71,14 +71,6 @@ PATCHES PROPOSED TO BACKPORT: +1: markt, kkolinko -1: -* Fix possible overflows when calculating session statistics - Fixes a) miscalculating the "average" because of multiplication overflow, - b) ArithmeticException division by zero when numExpired overflows. - The fix for trunk is already provided by r934337. - http://people.apache.org/~kkolinko/patches/2010-04-21_tc6_StandardSession_statistics.patch - +1: kkolinko, markt, rjung - -1: - * Configure Tomcat to use HttpOnly for session cookies by default http://people.apache.org/~kkolinko/patches/2010-04-21_tc55_context_httpOnly.patch +1: kkolinko Modified: tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java?rev=946840&r1=946839&r2=946840&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java (original) +++ tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/session/StandardSession.java Fri May 21 00:53:27 2010 
@@ -758,10 +758,15 @@ public class StandardSession manager.setSessionMaxAliveTime(timeAlive); } int numExpired = manager.getExpiredSessions(); - numExpired++; - manager.setExpiredSessions(numExpired); + if (numExpired < Integer.MAX_VALUE) { + numExpired++; + manager.setExpiredSessions(numExpired); + } + int average = manager.getSessionAverageAliveTime(); - average = ((average * (numExpired-1)) + timeAlive)/numExpired; + // Using long, as otherwise (average * numExpired) might overflow + average = (int) (((((long) average) * (numExpired - 1)) + timeAlive) + / numExpired); manager.setSessionAverageAliveTime(average); } Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=946840&r1=946839&r2=946840&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Fri May 21 00:53:27 2010 @@ -79,6 +79,9 @@ Ensure all required i18n messages are present for the APR/native Listener. (kkolinko) </fix> + <fix> + Fix possible overflows when calculating session statistics. (kkolinko) + </fix> </changelog> </subsection> <subsection name="Coyote">
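Review bot: In the StandardSession.java hunk, the new guard `if (numExpired < Integer.MAX_VALUE)` only bounds the counter from above, and its saturation behaviour is undocumented: once numExpired is pinned at Integer.MAX_VALUE the following lines keep recomputing the average with the fixed weights (numExpired - 1) and numExpired, so from then on the value is a slowly moving approximation and no longer the mean over all expired sessions. The added comment covers only the long cast; a second comment line stating that the counter saturates, and what the average means afterwards, would make the intent explicit. The division is also safe only while the stored count is non-negative: a value of -1 returned by manager.getExpiredSessions() passes the guard, is incremented to 0 and then divides by zero, so a check such as `numExpired > 0` before the division, or clamping in the setter, is worth considering. Finally, the new comment says (average * numExpired) while the code multiplies by (numExpired - 1); aligning the wording avoids confusion.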