Opened 9 years ago

Closed 9 years ago

#361 closed defect (fixed)

Integer overflow in MetaInfo.getPieceLength(int piece)

Reported by: John Doo Owned by: zzz
Priority: major Milestone: 0.8.3
Component: apps/i2psnark Version: 0.8
Keywords: Cc:
Parent Tickets: Sensitive: no

Description

MetaInfo?.getPieceLength contains a potential integer overflow that can occur when in torrents > Integer.MAX_VALUE the size of the last piece is requested.

The fault is in the following line:

return (int)(length - piece * piece_length);

Although length is declared as long, piece and piece_length are of type int. So int*int evaluates to int again before the result is subtracted from length.

Solution:

return (int)(length - (long)piece * piece_length);

Optionally insert an assertion before returning the result:

assert (length-(long)piece*piece_length) < Integer.MAX_VALUE : "length: "+length+", piece: "+piece+", piece_length: "+piece_length;

I wish you all a Merry Christmas!
John Doo

Subtickets

Change History (2)

comment:1 Changed 9 years ago by zzz

Milestone: 0.8.3
Owner: set to zzz
Status: newaccepted

comment:2 Changed 9 years ago by zzz

Resolution: fixed
Status: acceptedclosed

Fixed in 0.8.2-2

Note: See TracTickets for help on using tickets.