[libpostgresql-jdbc-java] 08/93: Avoid integer overflow.
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Mon Jan 9 10:18:46 UTC 2017
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to annotated tag REL9_3_1102
in repository libpostgresql-jdbc-java.
commit 5fa0ee94f261599bd5434b564460be95c38b3cab
Author: Heikki Linnakangas <heikki.linnakangas at iki.fi>
Date: Wed Nov 13 22:38:57 2013 +0200
Avoid integer overflow.
The function returns long, but does the calculation first in int. If someone
sets the timeout to 600 hours in the URL, it will overflow, even though the
return value of the function is long and hence could return a larger value.
To silence a Coverity complaint.
---
org/postgresql/Driver.java.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/org/postgresql/Driver.java.in b/org/postgresql/Driver.java.in
index 88020bf..d2f0907 100644
--- a/org/postgresql/Driver.java.in
+++ b/org/postgresql/Driver.java.in
@@ -706,7 +706,7 @@ public class Driver implements java.sql.Driver
logger.debug("Couldn't parse loginTimeout value: " + timeout);
}
}
- return DriverManager.getLoginTimeout() * 1000;
+ return (long) DriverManager.getLoginTimeout() * 1000;
}
/*
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/libpostgresql-jdbc-java.git
More information about the pkg-java-commits
mailing list