Bug 356959

Summary: integer overflow in FSIO.cvSize leads to NegativeArraySizeException
Product: [Modeling] M2T
Reporter: Niko Stotz <eclipse>
Component: Xpand
Assignee: Karsten Thoms <karsten.thoms>
Status: CLOSED FIXED
QA Contact:
Severity: normal
Priority: P3
CC: karsten.thoms, sk, sven.efftinge
Version: 1.0.1
Flags: karsten.thoms: juno+
Target Milestone: M3
Hardware: PC
OS: Windows XP
Whiteboard:
Attachments:
Testcase showing the error (flags: none)
Proposed fixed version of FSIO (flags: sven.efftinge: iplog+)

Description Niko Stotz CLA 2011-09-07 11:54:34 EDT
Build Identifier: 20110218-0911

The static field org.eclipse.internal.xpand2.pr.util.FSIO.cvSize is initialized with 2000 in line 31 and subsequently incremented in lines 72, 98, 135; however, it is never reset or decremented. If we run the generator with ProtectedRegionResolver enabled long/often enough, cvSize will overflow eventually. This will lead to a NegativeArraySizeException in readSingleFile(), either at line 69 or line 95.

Reproducible: Always
Comment 1 Karsten Thoms CLA 2011-09-09 11:52:21 EDT
Niko, could you propose a solution?
Comment 2 SK CLA 2011-09-09 12:19:30 EDT
writeSingleFile(Writer,Reader) in this class already states a possible solution. Pick some chunk size and use it instead of doing some fancy calculation to determine a chunk size for reading.
Neither cvNumerOfFilesRead nor cvSize are effectively used.
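
The failure described above and the fixed-chunk approach from comment 2, as an added example that is not part of the bug thread or the Xpand source. The class ChunkedReadDemo, its members and the 8192-character chunk size are hypothetical, and the counter is preset near Integer.MAX_VALUE to stand in for a long-running generator.

```java
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;

// Added illustration: all names here are hypothetical, not Xpand's FSIO.
public class ChunkedReadDemo {
    // Fragile: static size hint that grows on every read and is never reset.
    static int sizeHint = 2000;

    static void recordRead(int chars) {
        sizeHint += chars; // int addition wraps silently past Integer.MAX_VALUE
    }

    static String readWithGrowingHint(Reader in) throws IOException {
        char[] buf = new char[sizeHint]; // throws NegativeArraySizeException after a wrap
        String text = drain(in, buf);
        recordRead(text.length());
        return text;
    }

    // Hardened: constant chunk size (assumed value), no state shared between calls.
    private static final int CHUNK_SIZE = 8192;

    static String readInChunks(Reader in) throws IOException {
        return drain(in, new char[CHUNK_SIZE]);
    }

    private static String drain(Reader in, char[] buf) throws IOException {
        StringBuilder sb = new StringBuilder();
        int n;
        while ((n = in.read(buf)) != -1) {
            sb.append(buf, 0, n);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        String sample = "// PROTECTED REGION ID(demo) ENABLED START\n"; // constructed input
        sizeHint = Integer.MAX_VALUE - 10; // constructed state: a generator that has run for a long time
        recordRead(sample.length());       // the next increment wraps to a negative value
        try {
            readWithGrowingHint(new StringReader(sample));
        } catch (NegativeArraySizeException e) {
            System.out.println("growing hint failed, sizeHint = " + sizeHint);
        }
        String text = readInChunks(new StringReader(sample));
        System.out.println("fixed chunks read " + text.length() + " chars");
    }
}
```
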
Comment 3 Niko Stotz CLA 2011-10-07 09:50:20 EDT
Created attachment 204749
Testcase showing the error
Comment 4 Niko Stotz CLA 2011-10-07 09:50:54 EDT
Created attachment 204750
Proposed fixed version of FSIO
Comment 5 Niko Stotz CLA 2011-10-07 09:51:59 EDT
The proposed fix is about 25 % faster than the original implementation.
Comment 6 Karsten Thoms CLA 2011-10-07 12:44:54 EDT
Thanks for providing the test case and fix. Had to backport the test to JUnit 3.
Comment 7 Karsten Thoms CLA 2013-02-21 08:12:32 EST
Bug resolved before Xpand 1.2 release date => Closing