diff options
author | Kaushik Lingarkar <kaushik.lingarkar@linaro.org> | 2022-09-02 15:48:23 -0700 |
---|---|---|
committer | Kaushik Lingarkar <kaushik.lingarkar@linaro.org> | 2022-09-06 11:51:33 -0700 |
commit | ff9444f9a558e6806f36fa44df39b9fefe552214 (patch) | |
tree | de0805326615f63a70ffa8e438f4b9f0fdeb65f5 | |
parent | f84e5180fc32210db3d85a75d088f5ce841e5c68 (diff) |
Protect query limit effectively against integer overflows
Release-Notes: skip
Change-Id: Iddb338551c80e4f739a5bc4fc836c43a94604a70
-rw-r--r-- | java/com/google/gerrit/index/query/QueryProcessor.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/java/com/google/gerrit/index/query/QueryProcessor.java b/java/com/google/gerrit/index/query/QueryProcessor.java index 125125968f..bf89303afe 100644 --- a/java/com/google/gerrit/index/query/QueryProcessor.java +++ b/java/com/google/gerrit/index/query/QueryProcessor.java @@ -244,7 +244,13 @@ public abstract class QueryProcessor<T> { // Always bump limit by 1, even if this results in exceeding the permitted // max for this user. The only way to see if there are more entities is to // ask for one more result from the query. - QueryOptions opts = createOptions(indexConfig, start, limit + 1, getRequestedFields()); + try { + limit = Math.addExact(limit, 1); + } catch (ArithmeticException e) { + limit = Integer.MAX_VALUE; + } + + QueryOptions opts = createOptions(indexConfig, start, limit, getRequestedFields()); logger.atFine().log("Query options: " + opts); Predicate<T> pred = rewriter.rewrite(q, opts); if (enforceVisibility) { |