Author: kkolinko
Date: Fri May 21 00:56:52 2010
New Revision: 946841
URL: http://svn.apache.org/viewvc?rev=946841&view=rev
Log:
Fix possible overflows when calculating session statistics.
It fixes a) miscalculating the "average" because of multiplication overflow,
and b) possible ArithmeticException division by zero when numExpired overflows.
The fix for trunk was provided by r934337.
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=946841&r1=946840&r2=946841&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Fri May 21 00:56:52 2010
@@ -93,21 +93,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: markt
-1:
-* sessionCounter and expiredSessions declares as long instead of int.
- http://svn.apache.org/viewvc?view=revision&revision=934337
- +1: kfujino
- -1: kkolinko: I think that we cannot change o.a.c.Manager API in such way
- in a dot release. Alternative proposal below.
- -1: markt: We can't change the API in 6. It will have to wait until 7.
-
-* Fix possible overflows when calculating session statistics
- Fixes a) miscalculating the "average" because of multiplication overflow,
- b) ArithmeticException division by zero when numExpired overflows.
- The fix for trunk is already provided by r934337.
-
http://people.apache.org/~kkolinko/patches/2010-04-21_tc6_StandardSession_statistics.patch
- +1: kkolinko, markt, rjung
- -1:
-
* Improve the ChatServlet comet example and fix some issues there
http://svn.apache.org/viewvc?rev=935105&view=rev
+1: kkolinko, markt, rjung
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java?rev=946841&r1=946840&r2=946841&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/session/StandardSession.java
Fri May 21 00:56:52 2010
@@ -750,10 +750,15 @@ public class StandardSession
manager.setSessionMaxAliveTime(timeAlive);
}
int numExpired = manager.getExpiredSessions();
- numExpired++;
- manager.setExpiredSessions(numExpired);
+ if (numExpired < Integer.MAX_VALUE) {
+ numExpired++;
+ manager.setExpiredSessions(numExpired);
+ }
+
int average = manager.getSessionAverageAliveTime();
- average = ((average * (numExpired-1)) + timeAlive)/numExpired;
+ // Using long, as otherwise (average * numExpired) might
overflow
+ average = (int) (((((long) average) * (numExpired - 1)) +
timeAlive)
+ / numExpired);
manager.setSessionAverageAliveTime(average);
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=946841&r1=946840&r2=946841&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri May 21 00:56:52 2010
@@ -122,6 +122,9 @@
<bug>49245</bug>: Fix session expiration check in cross-context
requests. (markt)
</fix>
+ <fix>
+ Fix possible overflows when calculating session statistics. (kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
