Opened 8 years ago

Closed 8 years ago

#361 closed defect (fixed)

Integer overflow in MetaInfo.getPieceLength(int piece)

Reported by: John Doo
Owned by: zzz
Priority: major
Milestone: 0.8.3
Component: apps/i2psnark
Version: 0.8
Keywords:
Cc:
Parent Tickets:

Description

MetaInfo.getPieceLength contains a potential integer overflow that can occur when the size of the last piece is requested in torrents > Integer.MAX_VALUE.

The fault is in the following line:

return (int)(length - piece * piece_length);

Although length is declared as long, piece and piece_length are of type int. So int*int evaluates to int again before the result is subtracted from length.

Solution:

return (int)(length - (long)piece * piece_length);

Optionally insert an assertion before returning the result:

assert (length-(long)piece*piece_length) < Integer.MAX_VALUE : "length: "+length+", piece: "+piece+", piece_length: "+piece_length;

I wish you all a Merry Christmas!
John Doo
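
Added example, not code from the ticket or from I2P: it evaluates the ticket's two expressions on a constructed 5 GiB torrent with 4 MiB pieces, without the final (int) cast, so the wrapped intermediate is visible, and adds a checked variant built on Math.multiplyExact and Math.toIntExact. The class name, method names and sizes are assumptions made for illustration.

```java
// Added illustration: class and method names are hypothetical, sizes are constructed.
public class PieceLengthOverflow {

    // Ticket's original expression without the final (int) cast: int * int wraps
    // to 32 bits before it is widened and subtracted from the long.
    static long remainderWrapped(long length, int piece, int pieceLength) {
        return length - piece * pieceLength;
    }

    // Ticket's proposed expression without the final cast: 64-bit multiply.
    static long remainderWidened(long length, int piece, int pieceLength) {
        return length - (long) piece * pieceLength;
    }

    // Checked variant: any overflow or out-of-range result throws instead of
    // being truncated silently.
    static int lastPieceChecked(long length, int piece, int pieceLength) {
        long offset = Math.multiplyExact((long) piece, (long) pieceLength);
        long remaining = Math.subtractExact(length, offset);
        // Added sanity check: a last piece is between 1 and pieceLength bytes.
        if (remaining < 1 || remaining > pieceLength)
            throw new IllegalArgumentException("bad last piece size: " + remaining);
        return Math.toIntExact(remaining);
    }

    public static void main(String[] args) {
        // Constructed torrent: 5 GiB of data in 4 MiB pieces.
        long length = 5L * 1024 * 1024 * 1024;
        int pieceLength = 4 * 1024 * 1024;
        int last = (int) ((length + pieceLength - 1) / pieceLength) - 1;

        long wrapped = remainderWrapped(length, last, pieceLength);
        long widened = remainderWidened(length, last, pieceLength);
        System.out.println("int product:  " + (last * pieceLength));
        System.out.println("long product: " + ((long) last * pieceLength));
        System.out.println("wrapped remainder: " + wrapped);
        System.out.println("widened remainder: " + widened);
        // The two remainders differ by a multiple of 2^32, so narrowing either to
        // int keeps the same low 32 bits; the wrong value shows up wherever the
        // difference is used as a long.
        System.out.println("narrowed equal: " + ((int) wrapped == (int) widened));
        System.out.println("checked: " + lastPieceChecked(length, last, pieceLength));
    }
}
```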


Change History (2)

comment:1 Changed 8 years ago by zzz

  • Milestone set to 0.8.3
  • Owner set to zzz
  • Status changed from new to accepted

comment:2 Changed 8 years ago by zzz

  • Resolution set to fixed
  • Status changed from accepted to closed

Fixed in 0.8.2-2
