Bugzilla – Full Text Bug Listing
| Summary: | DiffFormatter: Context of max int results in integer overflow | ||
|---|---|---|---|
| Product: | [Technology] JGit | Reporter: | Damian <atagar1> |
| Component: | JGit | Assignee: | Project Inbox <jgit.core-inbox> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | minor | ||
| Priority: | P3 | CC: | ilmars, robin, tomasz.zarna |
| Version: | 1.3 | Keywords: | helpwanted |
| Target Milestone: | --- | ||
| Hardware: | PC | ||
| OS: | Linux | ||
| Whiteboard: | |||
Proposed fix: https://git.eclipse.org/r/37333 The review has been merged, fixed in 786ad999cdd48a952ef6f270e3e76040259e6f67. |
Build Identifier: If you call the DiffFormatter's setContext() method with Integer.MAX_VALUE (which we're doing because we wanted full-context diffs) the format() method will get into an infinite loop. This is because of the following... 684 public void format(final EditList edits, final RawText a, final RawText b) 685 throws IOException { 686 for (int curIdx = 0; curIdx < edits.size();) { ... 691 int aCur = Math.max(0, curEdit.getBeginA() - context); 692 int bCur = Math.max(0, curEdit.getBeginB() - context); 693 final int aEnd = Math.min(a.size(), endEdit.getEndA() + context); 694 final int bEnd = Math.min(b.size(), endEdit.getEndB() + context); The "endEdit.getEndA() + context" and "endEdit.getEndB() + context" experience an integer overflow, resulting in a massive negative value which causes the method to loop indefinitely. Preferably there would either be a method to get the full context, or some check here to make sure that aEnd and bEnd don't end up with a negative value. We're encountering this with stable-1.3 (commit id f70b24a), though at a quick glance this is still the case with the current master (commit id 55f42a8). Cheers! -Damian Reproducible: Always Steps to Reproduce: 1. construct a DiffFormatter 2. call setContext(Integer.MAX_VALUE) on it 3. call its format() method on something