Skip to content

Potential integer overflow in ExecutorConfigurationSupport.setAwaitTerminationSeconds(int) and AbstractResourceBasedMessageSource.setCacheSeconds(int) #25613

Closed
Closed
Potential integer overflow in ExecutorConfigurationSupport.setAwaitTerminationSeconds(int) and AbstractResourceBasedMessageSource.setCacheSeconds(int)#25613
Assignees
jhoeller
Labels
in: coreIssues in core modules (aop, beans, core, context, expression)status: backportedAn issue that has been backported to maintenance branchestype: bugA general bug
Milestone
5.2.9
@TomaszPierzchala

Description

@TomaszPierzchala
TomaszPierzchala
opened on Aug 19, 2020

Affects: 5.2.8.RELEASE
There is a small bug in the class org.springframework.scheduling.concurrent.ExecutorConfigurationSupport
in the method :

public void setAwaitTerminationSeconds(int awaitTerminationSeconds) {
		this.awaitTerminationMillis = awaitTerminationSeconds * 1000;
}

When the input parameter awaitTerminationSeconds is bigger then Integer.MAX_VALUE/1000
the value asigned to long this.awaitTerminationMillis can even be negative !

I recommend changing the 1000 to the 1000l long version as below

public void setAwaitTerminationSeconds(int awaitTerminationSeconds) {
		this.awaitTerminationMillis = awaitTerminationSeconds * 1000l;
}

Metadata

Metadata

Assignees

Labels

in: coreIssues in core modules (aop, beans, core, context, expression)status: backportedAn issue that has been backported to maintenance branchestype: bugA general bug

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions