Protect query limit effectively against integer overflows

Release-Notes: skip Change-Id: Iddb338551c80e4f739a5bc4fc836c43a94604a70
author: Kaushik Lingarkar <kaushik.lingarkar@linaro.org> 2022-09-02 15:48:23 -0700
committer: Kaushik Lingarkar <kaushik.lingarkar@linaro.org> 2022-09-06 11:51:33 -0700
commit: ff9444f9a558e6806f36fa44df39b9fefe552214 (patch)
tree: de0805326615f63a70ffa8e438f4b9f0fdeb65f5
parent: f84e5180fc32210db3d85a75d088f5ce841e5c68 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/java/com/google/gerrit/index/query/QueryProcessor.java b/java/com/google/gerrit/index/query/QueryProcessor.java
index 125125968f..bf89303afe 100644
--- a/java/com/google/gerrit/index/query/QueryProcessor.java
+++ b/java/com/google/gerrit/index/query/QueryProcessor.java
@@ -244,7 +244,13 @@ public abstract class QueryProcessor<T> {
         // Always bump limit by 1, even if this results in exceeding the permitted
         // max for this user. The only way to see if there are more entities is to
         // ask for one more result from the query.
-        QueryOptions opts = createOptions(indexConfig, start, limit + 1, getRequestedFields());
+        try {
+          limit = Math.addExact(limit, 1);
+        } catch (ArithmeticException e) {
+          limit = Integer.MAX_VALUE;
+        }
+
+        QueryOptions opts = createOptions(indexConfig, start, limit, getRequestedFields());
         logger.atFine().log("Query options: " + opts);
         Predicate<T> pred = rewriter.rewrite(q, opts);
         if (enforceVisibility) {
author	Kaushik Lingarkar <kaushik.lingarkar@linaro.org>	2022-09-02 15:48:23 -0700
committer	Kaushik Lingarkar <kaushik.lingarkar@linaro.org>	2022-09-06 11:51:33 -0700
commit	ff9444f9a558e6806f36fa44df39b9fefe552214 (patch)
tree	de0805326615f63a70ffa8e438f4b9f0fdeb65f5
parent	f84e5180fc32210db3d85a75d088f5ce841e5c68 (diff)