| commit | 1d99aaab8e364c6ad722437e43c77fd54e13b071 | |
| author | Matthias Sohn <matthias.sohn@sap.com> | |
| Mon, 27 Apr 2009 23:02:55 +0000 (28 01:02 +0200) | ||
| committer | Shawn O. Pearce <spearce@spearce.org> | |
| Mon, 27 Apr 2009 23:12:29 +0000 (27 16:12 -0700) | ||
| tree | 46e9ac1d2f9f118924b9fd8dee8e69f180888ce4 | treesnapshot (tar.gz zip) |
| parent | 9033cdb4cc1374e0c74c0efa12ccb793e1401c95 | commitdiff |
Computation of average could overflow
The code computes the average of two integers using either division
or signed right shift, and then uses the result as the index of an
array. If the values being averaged are very large, this can overflow
(resulting in the computation of a negative average). Assuming that
the result is intended to be nonnegative, you can use an unsigned
right shift instead. In other words, rather than using (low+high)/2,
use (low+high) >>> 1.
This bug exists in many earlier implementations of binary
search and merge sort. Martin Buchholz found and fixed it
(http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6412541) in the
JDK libraries, and Joshua Bloch widely publicized the bug pattern
(http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html).
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
The code computes the average of two integers using either division
or signed right shift, and then uses the result as the index of an
array. If the values being averaged are very large, this can overflow
(resulting in the computation of a negative average). Assuming that
the result is intended to be nonnegative, you can use an unsigned
right shift instead. In other words, rather than using (low+high)/2,
use (low+high) >>> 1.
This bug exists in many earlier implementations of binary
search and merge sort. Martin Buchholz found and fixed it
(http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6412541) in the
JDK libraries, and Joshua Bloch widely publicized the bug pattern
(http://googleresearch.blogspot.com/2006/06/extra-extra-read-all-about-it-nearly.html).
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
| org.spearce.jgit/src/org/spearce/jgit/dircache/DirCache.java | diffblobblamehistory | |
| org.spearce.jgit/src/org/spearce/jgit/lib/Tree.java | diffblobblamehistory |