changelog.xml

markt Tue, 18 Mar 2014 03:33:15 -0700

Author: markt
Date: Tue Mar 18 10:32:16 2014
New Revision: 1578814

URL: http://svn.apache.org/r1578814
Log:
Fix possible overflow when parsing long values from a byte array.


Added:
    tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/buf/TestAscii.java   
(props changed)
      - copied unchanged from r1578812, 
tomcat/trunk/test/org/apache/tomcat/util/buf/TestAscii.java
Modified:
    tomcat/tc7.0.x/trunk/   (props changed)
    tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc7.0.x/trunk/
------------------------------------------------------------------------------
  Merged /tomcat/trunk:r1578812-1578813

Modified: tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java?rev=1578814&r1=1578813&r2=1578814&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java (original)
+++ tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java Tue Mar 18 
10:32:16 2014
@@ -40,10 +40,11 @@ public final class Ascii {
     private static final boolean[] isWhite = new boolean[256];
     private static final boolean[] isDigit = new boolean[256];
 
+    private static final long OVERFLOW_LIMIT = Long.MAX_VALUE / 10;
+
     /*
      * Initialize character translation and type tables.
      */
-
     static {
         for (int i = 0; i < 256; i++) {
             toUpper[i] = (byte)i;
@@ -206,19 +207,12 @@ public final class Ascii {
         }
 
         long n = c - '0';
-        long m;
-
         while (--len > 0) {
-            if (!isDigit(c = b[off++])) {
-                throw new NumberFormatException();
-            }
-            m = n * 10 + c - '0';
-
-            if (m < n) {
-                // Overflow
-                throw new NumberFormatException();
+            if (isDigit(c = b[off++]) &&
+                    (n < OVERFLOW_LIMIT || (n == OVERFLOW_LIMIT && (c - '0') < 
8))) {
+                n = n * 10 + c - '0';
             } else {
-                n = m;
+                throw new NumberFormatException();
             }
         }
 

Propchange: tomcat/tc7.0.x/trunk/test/org/apache/tomcat/util/buf/TestAscii.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1578814&r1=1578813&r2=1578814&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Mar 18 10:32:16 2014
@@ -120,6 +120,10 @@
         and use a bit shift instead of a multiplication as it is marginally
         faster. (markt/kkolinko)
       </fix>
+      <fix>
+        Fix possible overflow when parsing long values from a byte array.
+        (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1578814 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/buf/Ascii.java test/org/apache/tomcat/util/buf/TestAscii.java webapps/docs/changelog.xml

Reply via email to