dev@glassfish.java.net

Re: patch review request for int-> long overflows

From: Satish Kumar <Satish.Kumar_at_Sun.COM>
Date: Wed, 30 Sep 2009 15:40:15 +0530

Hi Dies,

I am fine with the changes to ActiveJMSResourceAdapter. Pls commit the
changes.

Thx,
Satish
Dies Koper wrote:
> Thanks for your quick replies.
>
> I believe the following are still left:
>
> JMX cmd (Lloyd?):
> Index: extras/jmxcmd/src/main/java/com/sun/cli/jmxcmd/cmd/MonitorCmd.java
>
> JTS/JTA (Marina?):
> Index:
> transaction/jts/src/main/java/com/sun/jts/utils/RecoveryHooks/FailureInducer.java
>
> Index:
> transaction/jts/src/main/java/com/sun/jts/CosTransactions/TimeoutManager.java
>
> Index:
> transaction/jts/src/main/java/com/sun/jts/CosTransactions/DelegatedTimeoutManager.java
>
> Index:
> transaction/jts/src/main/java/com/sun/jts/jta/TransactionServiceProperties.java
>
>
> admin/server-mgt (Siraj?):
> Index:
> admin/server-mgmt/src/main/java/com/sun/enterprise/admin/servermgmt/pe/InstanceTimer.java
>
>
> JMS (Satish):
> Index:
> jms/jms-core/src/main/java/com/sun/enterprise/connectors/jms/system/ActiveJmsResourceAdapter.java
>
>
> Thanks,
> Dies
>
>
> Shalini Muthukrishnan wrote:
>> Hi Dies,
>>
>> The ConnectionPool.java fix looks good.
>>
>> Thanks,
>> Shalini.
>>
>> Dies Koper wrote:
>>> Hi Ken, Jan, Marina, Hong, Shalini, Jagadish, Lloyd,
>>>
>>> In April I found and fixed an issue in JTA where the multiplication of
>>> two integers and a subsequent cast to a long led to
>>> IllegalArgumentException because the value had become negative.
>>>
>>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=7979
>>>
>>> For example:
>>> timer.schedule(this,timeout * 1000);
>>>
>>> schedule() takes a long, but if 'timeout' is bigger than MAX_INT/1000,
>>> the value will become negative.
>>>
>>> Searching through the V3 source code I found 40 more cases in your
>>> components: ejb, web, jta/jta, deploy, connection pool, jms, jmx.
>>>
>>> Some of the 'timeout' variables might never reach a big value, or code
>>> might not be used any more in V3, but as it's better safe than sorry
>>> I've addressed them in the attached patch (added 'L' to integer 1000).
>>> May I commit it to V3?
>>>
>>> I found these by grepping "1000;" and "1000);", so I might have
>>> missed some.
>>>
>>> Thanks,
>>> Dies
>>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.