Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integer overflow potential in SortedRanges.subRangeByPos #664

Closed
jcferretti opened this issue May 24, 2021 · 0 comments
Closed

Integer overflow potential in SortedRanges.subRangeByPos #664

jcferretti opened this issue May 24, 2021 · 0 comments
Assignees
@jcferretti
Labels
bug Something isn't working triage

Comments

@jcferretti
Copy link
Member

The code:

        final long inputRangeSpan = endPos - startPos;
        [...]
        int ansLen = count - i + (brokenInitialRange ? 2 : 1);
        ansLen = Math.min(ansLen, (int) (inputRangeSpan + 1));

has the potential to leave ansLen negative is inputRangeSpan + 1 does not fit on an int.

Charles found the issue after looking for a potential root cause for this exception seen in the wild:

16:09:16.285 ERROR 571924851 where([AutoTuningIncrementalReleaseFilter-290518179[2]]) Merged Listener: Uncaught exception for entry= Entry{clientHost=‘null’, queryName=‘null’, id=1, description=‘where([AutoTuningIncrementalReleaseFilter-290518179[1]]): where([AutoTuningIncrementalReleaseFilter-290518179[2]])’, callerLine=‘Groovy Script’, intervalUsageNanos=10928571, intervalInvocationCount=6, intervalCpuNanos=10928446, intervalUserCpuNanos=10000000, intervalAdded=0, intervalRemoved=0, intervalModified=0, intervalShifted=0, intervalInitialReads=0, intervalInitialReadUsageNanos=0, intervalRepeatReads=0, intervalRepeatReadUsageNanos=0, intervalAllocatedBytes=13656, intervalPoolAllocatedBytes=0, startCpuNanos=0, startUserCpuNanos=0, startTimeNanos=0, startInitialReads=0, startInitialReadNanos=0, startRepeatReads=0, startRepeatReadNanos=0, startAllocatedBytes=0, startPoolAllocatedBytes=0, totalUsedMemory=9731059712, totalFreeMemory=2026648000}: java.lang.NegativeArraySizeException: null
        at com.illumon.iris.db.v2.utils.sortedranges.SortedRangesLong.makeArray(SortedRangesLong.java:47)
        at com.illumon.iris.db.v2.utils.sortedranges.SortedRangesLong.makeArray(SortedRangesLong.java:5)
        at com.illumon.iris.db.v2.utils.sortedranges.SortedRangesTyped.<init>(SortedRangesTyped.java:13)
        at com.illumon.iris.db.v2.utils.sortedranges.SortedRangesLong.<init>(SortedRangesLong.java:113)
        at com.illumon.iris.db.v2.utils.sortedranges.SortedRangesLong.makeMyTypeAndOffset(SortedRangesLong.java:65)
        at com.illumon.iris.db.v2.utils.sortedranges.SortedRangesLong.makeMyTypeAndOffset(SortedRangesLong.java:5)
        at com.illumon.iris.db.v2.utils.sortedranges.SortedRanges.subRangesByPos(SortedRanges.java:1076)
        at com.illumon.iris.db.v2.utils.sortedranges.SortedRanges.ixSubindexByPosOnNew(SortedRanges.java:4448)
        at com.illumon.iris.db.v2.utils.TreeIndex.subindexByPos(TreeIndex.java:232)
        at com.illumon.iris.db.v2.select.BaseIncrementalReleaseFilter.filter(BaseIncrementalReleaseFilter.java:75)
        at com.illumon.iris.db.v2.QueryTable.whereInternal(QueryTable.java:1053)
        at com.illumon.iris.db.v2.QueryTable$FilteredTable.doRefilter(QueryTable.java:891)
        at com.illumon.iris.db.v2.QueryTable$FilteredTable.access$700(QueryTable.java:798)
        at com.illumon.iris.db.v2.QueryTable$StaticWhereListener.process(QueryTable.java:3156)
        at com.illumon.iris.db.v2.MergedListener$1.run(MergedListener.java:129)
        at com.illumon.iris.db.tables.live.LiveTableMonitor.runNotification(LiveTableMonitor.java:1306)
        at com.illumon.iris.db.tables.live.LiveTableMonitor.access$1100(LiveTableMonitor.java:69)
        at com.illumon.iris.db.tables.live.LiveTableMonitor$ConcurrentNotificationProcessor.processSatisfiedNotifications(LiveTableMonitor.java:1348)
        at com.illumon.iris.db.tables.live.LiveTableMonitor$LiveTableMonitorThreadFactory.lambda$newThread$0(LiveTableMonitor.java:1804)
        at java.lang.Thread.run(Thread.java:748)
@jcferretti jcferretti added bug Something isn't working triage labels May 24, 2021
@jcferretti jcferretti self-assigned this May 24, 2021
jcferretti pushed a commit to jcferretti/deephaven-core that referenced this issue May 24, 2021
Fix integer overflow in SortedRanges.subRangeByPos. Fixes deephaven#664
e0a8e50
devinrsmith added a commit to devinrsmith/deephaven-core that referenced this issue May 25, 2021
@devinrsmith
Merge remote-tracking branch 'upstream/main' into nightly/fix-nightly…
fd3922d 
…-check

* upstream/main:
  Check documentation labels, fixes deephaven#627 (deephaven#671)
  Fix integer overflow in SortedRanges.invertOnNew.  Fixes deephaven#666. (deephaven#667)
  Fix integer overflow in SortedRanges.subRangeByPos. Fixes deephaven#664 (deephaven#665)
  Deploy example scripts and data (deephaven#562)
  port the numba integration prototype from Enterprise to OSS, fixes feature-523 (deephaven#638)
  Fix IllegalStateException in TwoValuesContainer triggered from Index.insert(Chunk). Fixes deephaven#652. (deephaven#653)
  Javadoc search (deephaven#645)
  Support for jpy integration junit tests (deephaven#632)
  Populate snapshot request in js api, handle optional left table (deephaven#648)
  Fix a link formatting bug in CONTRIBUTING.md (deephaven#629)
devinrsmith added a commit to devinrsmith/deephaven-core that referenced this issue May 28, 2021
@devinrsmith
Merge tag 'v1.0.2' into main
192a15d 
* tag 'v0.0.2': (29 commits)
  Move label information to CI
  remove labels
  try pushing to my own org
  try actor
  Upgrade to GITHUB_TOKEN instead of PAT
  Explicit about docker/build-push-action version
  Explicit about docker/login-action version
  Explicit about docker/setup-buildx-action version
  Remove extraneous comments
  Update docker metadata steps
  Remove top level building of deephaven-jpy in CI, is handled implicitly in grpc-api step
  Fix nightly check (deephaven#641)
  Address `QueryTableTest.testReverseClipping` table reachability bug, and unit test listeners using `RetentionCache` (deephaven#644)
  Rename symbols in .proto files to follow standard conventions (deephaven#674)
  Check documentation labels, fixes deephaven#627 (deephaven#671)
  Fix integer overflow in SortedRanges.invertOnNew.  Fixes deephaven#666. (deephaven#667)
  Fix integer overflow in SortedRanges.subRangeByPos. Fixes deephaven#664 (deephaven#665)
  Deploy example scripts and data (deephaven#562)
  port the numba integration prototype from Enterprise to OSS, fixes feature-523 (deephaven#638)
  Fix IllegalStateException in TwoValuesContainer triggered from Index.insert(Chunk). Fixes deephaven#652. (deephaven#653)
  ...
jmao-denver pushed a commit to jmao-denver/deephaven-core that referenced this issue Apr 11, 2022
@jcferretti @jmao-denver
Fix integer overflow in SortedRanges.subRangeByPos. Fixes deephaven#664
fab8ce0 
… (deephaven#665)

Co-authored-by: Cristian Ferretti <cristianferretti@illumon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jcferretti jcferretti

Labels
bug Something isn't working triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jcferretti