Affected version: 26.4.2 (confirmed still present in 26.5.1)
Component: com.arcadedb.engine.timeseries.codec.Simple8bCodec
Summary
zigzagEncode(Long.MAX_VALUE) = -2 and zigzagEncode(Long.MIN_VALUE) = -1 (both negative, signed). The validation check encoded > MAX_ZIGZAG_VALUE ((1L<<60) - 1) is false for negative values, so validation passes; the encoder then masks with (1L<<60) - 1, silently dropping the top 4 bits.
Code
engine/com/arcadedb/engine/timeseries/codec/Simple8bCodec.java:69
final long encoded = zigzagEncode(values[i]);
if (encoded > MAX_ZIGZAG_VALUE) // signed >, fails for negative encoded
throw new IllegalArgumentException(…);
Impact
Any caller passing values near ±Long.MAX_VALUE (nanosecond timestamps, large counters) ingests silently-corrupted data that returns a wrong long on decode.
Suggested fix
Validate the raw input before ZigZag, or use Long.compareUnsigned(encoded, MAX_ZIGZAG_VALUE) > 0.
Affected version: 26.4.2 (confirmed still present in 26.5.1)
Component:
com.arcadedb.engine.timeseries.codec.Simple8bCodecSummary
zigzagEncode(Long.MAX_VALUE) = -2andzigzagEncode(Long.MIN_VALUE) = -1(both negative, signed). The validation checkencoded > MAX_ZIGZAG_VALUE((1L<<60) - 1) is false for negative values, so validation passes; the encoder then masks with(1L<<60) - 1, silently dropping the top 4 bits.Code
engine/com/arcadedb/engine/timeseries/codec/Simple8bCodec.java:69Impact
Any caller passing values near
±Long.MAX_VALUE(nanosecond timestamps, large counters) ingests silently-corrupted data that returns a wrong long on decode.Suggested fix
Validate the raw input before ZigZag, or use
Long.compareUnsigned(encoded, MAX_ZIGZAG_VALUE) > 0.