commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Berner (Updated) (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (MATH-679) Integer overflow in OpenMapRealMatrix
Date Mon, 03 Oct 2011 05:39:34 GMT

     [ https://issues.apache.org/jira/browse/MATH-679?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Christopher Berner updated MATH-679:
------------------------------------

    Description: 
computeKey() has an integer overflow. Since it is a sparse matrix, this is quite easily encountered
long before heap space is exhausted. The attached code demonstrates the problem, which could
potentially be a security vulnerability (for example, if one was to use this matrix to store
access control information).

Workaround: never create an OpenMapRealMatrix with more cells than are addressable with an
int.

  was:
computeKey() has an integer overflow. Since it is a sparse matrix, this is quite easily encountered
long before heap space is exhausted. The code below demonstrates the problem, which could
potentially be a security vulnerability (for example, if one was to use this matrix to store
access control information).

Workaround: never create an OpenMapRealMatrix with more cells than are addressable with an
int.


import org.apache.commons.math.linear.OpenMapRealMatrix;

public class Flaw {
	public static void main(String[] args) {
		OpenMapRealMatrix m = new OpenMapRealMatrix(3, Integer.MAX_VALUE);
		m.setEntry(0, 0, 2);
		m.setEntry(2, 2, 3);
		//Should print "2.0", but instead it prints "3.0"
		System.out.println(m.getEntry(0, 0));
	}
}


Move code to an attachment
                
> Integer overflow in OpenMapRealMatrix
> -------------------------------------
>
>                 Key: MATH-679
>                 URL: https://issues.apache.org/jira/browse/MATH-679
>             Project: Commons Math
>          Issue Type: Bug
>    Affects Versions: 2.2
>            Reporter: Christopher Berner
>            Priority: Minor
>         Attachments: Flaw.java
>
>
> computeKey() has an integer overflow. Since it is a sparse matrix, this is quite easily
encountered long before heap space is exhausted. The attached code demonstrates the problem,
which could potentially be a security vulnerability (for example, if one was to use this matrix
to store access control information).
> Workaround: never create an OpenMapRealMatrix with more cells than are addressable with
an int.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message