diff options
author | Martin Fick <martin.fick@linaro.org> | 2022-09-06 19:25:08 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2022-09-06 19:25:08 +0000 |
commit | 16d986934d8395e6dd0c332b1155d7b4b14bde5e (patch) | |
tree | c96f5bb6528a0d07d8b3440c4ff91931f042f338 | |
parent | 7dd92c3e4c53d47797e004e0fd8c8893591f1172 (diff) | |
parent | ff9444f9a558e6806f36fa44df39b9fefe552214 (diff) |
Merge "Protect query limit effectively against integer overflows" into stable-3.4
-rw-r--r-- | java/com/google/gerrit/index/query/QueryProcessor.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/java/com/google/gerrit/index/query/QueryProcessor.java b/java/com/google/gerrit/index/query/QueryProcessor.java index 125125968f..bf89303afe 100644 --- a/java/com/google/gerrit/index/query/QueryProcessor.java +++ b/java/com/google/gerrit/index/query/QueryProcessor.java @@ -244,7 +244,13 @@ public abstract class QueryProcessor<T> { // Always bump limit by 1, even if this results in exceeding the permitted // max for this user. The only way to see if there are more entities is to // ask for one more result from the query. - QueryOptions opts = createOptions(indexConfig, start, limit + 1, getRequestedFields()); + try { + limit = Math.addExact(limit, 1); + } catch (ArithmeticException e) { + limit = Integer.MAX_VALUE; + } + + QueryOptions opts = createOptions(indexConfig, start, limit, getRequestedFields()); logger.atFine().log("Query options: " + opts); Predicate<T> pred = rewriter.rewrite(q, opts); if (enforceVisibility) { |