Author: markt
Date: Sun Mar 23 09:02:34 2014
New Revision: 1580473
URL: http://svn.apache.org/r1580473
Log:
Fix possible overflow when parsing long values from a byte array.
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1578812-1578813
Merged /tomcat/tc7.0.x/trunk:r1578814
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1580473&r1=1580472&r2=1580473&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Sun Mar 23 09:02:34 2014
@@ -49,11 +49,6 @@ PATCHES PROPOSED TO BACKPORT:
remm: no need to add i18n for something that will not happen
-1:
-* Fix possible overflow when parsing long values from a byte array.
- http://people.apache.org/~markt/patches/2014-03-18-ascii-tc6.patch
- +1: markt, kkolinko, schultz, remm
- -1:
-
* Fix http://issues.apache.org/bugzilla/show_bug.cgi?id=56283
Add Java 8 support to Jasper's default configuration
http://people.apache.org/~markt/patches/2014-03-19-Jasper-Java8-tc6-v1.patch
Modified: tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java?rev=1580473&r1=1580472&r2=1580473&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/Ascii.java Sun Mar 23
09:02:34 2014
@@ -41,10 +41,11 @@ public final class Ascii {
private static final boolean[] isWhite = new boolean[256];
private static final boolean[] isDigit = new boolean[256];
+ private static final long OVERFLOW_LIMIT = Long.MAX_VALUE / 10;
+
/*
* Initialize character translation and type tables.
*/
-
static {
for (int i = 0; i < 256; i++) {
toUpper[i] = (byte)i;
@@ -196,19 +197,12 @@ public final class Ascii {
}
long n = c - '0';
- long m;
-
while (--len > 0) {
- if (!isDigit(c = b[off++])) {
- throw new NumberFormatException();
- }
- m = n * 10 + c - '0';
-
- if (m < n) {
- // Overflow
- throw new NumberFormatException();
+ if (isDigit(c = b[off++]) &&
+ (n < OVERFLOW_LIMIT || (n == OVERFLOW_LIMIT && (c - '0') <
8))) {
+ n = n * 10 + c - '0';
} else {
- n = m;
+ throw new NumberFormatException();
}
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1580473&r1=1580472&r2=1580473&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Sun Mar 23 09:02:34 2014
@@ -75,6 +75,10 @@
and use a bit shift instead of a multiplication as it is marginally
faster. (markt/kkolinko)
</fix>
+ <fix>
+ Fix possible overflow when parsing long values from a byte array.
+ (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
