cossacklabs / themis / #7634
88%
master: 83%

LAST BUILD BRANCH: release/0.15.0
DEFAULT BRANCH: master
Ran
Jobs 1
Files 73
Run time 6s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 87.707%. Remained the same
#7634

push

travis-ci

web-flow 
Avoid overflows in JNI allocations (#639)

* Avoid overflows in JNI allocations

Themis Core API works with "size_t" for buffer size inputs and outputs,
that is uint32_t on 32-bit systems or uint64_t on 64-bit ones. In most
cases Themis data structures use uint32_t for data length fields,
allowing input data to be up to 4 GB long, theoretically.

On the other hand, JVM uses "int" type for its array indices, that is
int32_t everywhere, regardless of the host system. Note that it is a
*signed* integer, meaning that native JVM byte[] arrays cannot fit more
than 2 GB of data, inclusive. There are hacks to overcome this limit,
but with byte[] API -- as in Themis -- you are limited to 2 GB.

JNI type "jsize" reflects this limitation, it is defined to be "jint"
which is typically defined as "signed int", assuming 32-bit "int" types
on most modern platforms. Thanks to C being very safe language, sizes
bigger than 2^31-1 silently overflow into negative space and then it's
up to JNI to handle this situation. Desktop Java systems typically throw
a NegativeArraySizeException when trying to allocate an array with
negative size, but Android systems typically kill the process due to
an assertion failure.

In order to have predictable behavior in this case, check all sizes
before trying to allocate an array of that size, and exit with an error
if the allocation would overflow. This way instead of crashing we will
throw an appropriate Themis subsystem exception.

Note that in some cases the array sizes do not depend on user input, but
we still check just in case the Core library does something silly. In
other cases the output can get that big due to input being sufficiently
big -- slightly smaller than 2 GB, but enough for Themis data overhead
to push that over the 2 GB limit. However, in most cases this situation
can be triggered by corrupted input where the data length fields contain
values inconsistent with actual input size.

* R... (continued)

3767 of 4295 relevant lines covered (87.71%)

19340.83 hits per line

Jobs
ID Job ID Ran Files Coverage
1 #7634.1 0
87.71
Source Files on build #7634
Detailed source file information is not available for this build.